blob: 8cc19890ed3524d77421ba2436b169cd5f875896 [file] [log] [blame]
packages:
- module: github.com/dexidp/dex
package: github.com/dexidp/dex/connector/saml
symbols:
- provider.HandlePOST
versions:
- fixed: v0.0.0-20201214082111-324b1c886b40
description: |
Due to the behavior of encoding/xml, a crafted XML document may cause
XML Digital Signature validation to be entirely bypassed, causing an
unsigned document to appear signed.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-15216
ghsas:
- GHSA-q547-gmf8-8jr7
credit: Juho Nurminen (Mattermost)
links:
commit: https://github.com/dexidp/dex/commit/324b1c886b407594196113a3dbddebe38eecd4e8
context:
- https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5