Blame - data/reports/GO-2021-0060.yaml - vulndb

blob: 4342ec8ffa9609b68dd07e0df7ee513733fb383d [file] [log] [blame]

Damien Neil	b5cb765	2022-08-18 15:09:12 -0700	[diff] [blame]	1	modules:
Damien Neil	77344fd	2022-05-10 15:03:50 -0700	[diff] [blame]	2	- module: github.com/russellhaering/gosaml2
Damien Neil	77344fd	2022-05-10 15:03:50 -0700	[diff] [blame]	3	versions:
Damien Neil	df2d3d3	2022-05-12 16:02:17 -0700	[diff] [blame]	4	- fixed: 0.6.0
Tatiana Bradley	cf9ad2b	2023-01-13 17:38:26 -0500	[diff] [blame]	5	vulnerable_at: 0.5.0
Damien Neil	b5cb765	2022-08-18 15:09:12 -0700	[diff] [blame]	6	packages:
				7	- package: github.com/russellhaering/gosaml2
				8	symbols:
				9	- parseResponse
				10	derived_symbols:
				11	- SAMLServiceProvider.RetrieveAssertionInfo
				12	- SAMLServiceProvider.ValidateEncodedLogoutRequestPOST
				13	- SAMLServiceProvider.ValidateEncodedLogoutResponsePOST
				14	- SAMLServiceProvider.ValidateEncodedResponse
Tatiana Bradley	7c92a88	2023-05-08 13:11:54 -0400	[diff] [blame^]	15	summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
Roland Shoemaker	a3a17c9	2021-04-14 12:59:24 -0700	[diff] [blame]	16	description: \|
Jonathan Amsterdam	2552b96	2022-02-02 12:53:36 -0500	[diff] [blame]	17	Due to the behavior of encoding/xml, a crafted XML document may cause
				18	XML Digital Signature validation to be entirely bypassed, causing an
				19	unsigned document to appear signed.
Jonathan Amsterdam	49ef614	2022-02-10 08:53:15 -0500	[diff] [blame]	20	published: 2021-04-14T20:04:52Z
Julie Qiu	3008f8a	2022-01-04 15:37:42 -0500	[diff] [blame]	21	cves:
				22	- CVE-2020-29509
Jonathan Amsterdam	1a19dd1	2022-03-01 10:04:31 -0500	[diff] [blame]	23	ghsas:
				24	- GHSA-xhqq-x44f-9fgg
Roland Shoemaker	a3a17c9	2021-04-14 12:59:24 -0700	[diff] [blame]	25	credit: Juho Nurminen
Damien Neil	00e94d7	2022-08-26 14:59:35 -0700	[diff] [blame]	26	references:
				27	- fix: https://github.com/russellhaering/gosaml2/commit/42606dafba60c58c458f14f75c4c230459672ab9