Blame - data/reports/GO-2021-0060.yaml - vulndb

blob: 995bc1175bb7e54c0d58479e60550c51c2976556 [file] [log] [blame]

Damien Neil	b5cb765	2022-08-18 15:09:12 -0700	[diff] [blame]	1	modules:
Damien Neil	77344fd	2022-05-10 15:03:50 -0700	[diff] [blame]	2	- module: github.com/russellhaering/gosaml2
Damien Neil	77344fd	2022-05-10 15:03:50 -0700	[diff] [blame]	3	versions:
Damien Neil	df2d3d3	2022-05-12 16:02:17 -0700	[diff] [blame]	4	- fixed: 0.6.0
Tatiana Bradley	cf9ad2b	2023-01-13 17:38:26 -0500	[diff] [blame]	5	vulnerable_at: 0.5.0
Damien Neil	b5cb765	2022-08-18 15:09:12 -0700	[diff] [blame]	6	packages:
				7	- package: github.com/russellhaering/gosaml2
				8	symbols:
				9	- parseResponse
				10	derived_symbols:
				11	- SAMLServiceProvider.RetrieveAssertionInfo
				12	- SAMLServiceProvider.ValidateEncodedLogoutRequestPOST
				13	- SAMLServiceProvider.ValidateEncodedLogoutResponsePOST
				14	- SAMLServiceProvider.ValidateEncodedResponse
Roland Shoemaker	a3a17c9	2021-04-14 12:59:24 -0700	[diff] [blame]	15	description: \|
Jonathan Amsterdam	2552b96	2022-02-02 12:53:36 -0500	[diff] [blame]	16	Due to the behavior of encoding/xml, a crafted XML document may cause
				17	XML Digital Signature validation to be entirely bypassed, causing an
				18	unsigned document to appear signed.
Jonathan Amsterdam	49ef614	2022-02-10 08:53:15 -0500	[diff] [blame]	19	published: 2021-04-14T20:04:52Z
Julie Qiu	3008f8a	2022-01-04 15:37:42 -0500	[diff] [blame]	20	cves:
				21	- CVE-2020-29509
Jonathan Amsterdam	1a19dd1	2022-03-01 10:04:31 -0500	[diff] [blame]	22	ghsas:
				23	- GHSA-xhqq-x44f-9fgg
Roland Shoemaker	a3a17c9	2021-04-14 12:59:24 -0700	[diff] [blame]	24	credit: Juho Nurminen
Damien Neil	00e94d7	2022-08-26 14:59:35 -0700	[diff] [blame]	25	references:
				26	- fix: https://github.com/russellhaering/gosaml2/commit/42606dafba60c58c458f14f75c4c230459672ab9