Google Git
Sign in
go / vulndb / 82175fd7a30858dc376cb5f6f15b062810844ff0 / . / data / reports / GO-2021-0060.yaml
blob: 47fcedc0c7c91159a77489e9dc817508d36d4ff1 [file] [log] [blame]
Tatiana Bradleyf1409b02023-05-24 14:02:12 -0400[diff] [blame]1id: GO-2021-0060
Damien Neilb5cb7652022-08-18 15:09:12 -0700[diff] [blame]2modules:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame^]3 - module: github.com/russellhaering/gosaml2
4 versions:
5 - fixed: 0.6.0
6 vulnerable_at: 0.5.0
7 packages:
8 - package: github.com/russellhaering/gosaml2
9 symbols:
10 - parseResponse
11 derived_symbols:
12 - SAMLServiceProvider.RetrieveAssertionInfo
13 - SAMLServiceProvider.ValidateEncodedLogoutRequestPOST
14 - SAMLServiceProvider.ValidateEncodedLogoutResponsePOST
15 - SAMLServiceProvider.ValidateEncodedResponse
Tatiana Bradley7c92a882023-05-08 13:11:54 -0400[diff] [blame]16summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
Roland Shoemakera3a17c92021-04-14 12:59:24 -0700[diff] [blame]17description: |
Jonathan Amsterdam2552b962022-02-02 12:53:36 -0500[diff] [blame]18 Due to the behavior of encoding/xml, a crafted XML document may cause
19 XML Digital Signature validation to be entirely bypassed, causing an
20 unsigned document to appear signed.
Jonathan Amsterdam49ef6142022-02-10 08:53:15 -0500[diff] [blame]21published: 2021-04-14T20:04:52Z
Julie Qiu3008f8a2022-01-04 15:37:42 -0500[diff] [blame]22cves:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame^]23 - CVE-2020-29509
Jonathan Amsterdam1a19dd12022-03-01 10:04:31 -0500[diff] [blame]24ghsas:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame^]25 - GHSA-xhqq-x44f-9fgg
Tatiana Bradley09108142023-05-18 16:23:32 -0400[diff] [blame]26credits:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame^]27 - Juho Nurminen
Damien Neil00e94d72022-08-26 14:59:35 -0700[diff] [blame]28references:
Tatiana Bradley82175fd2023-05-31 17:04:08 -0400[diff] [blame^]29 - fix: https://github.com/russellhaering/gosaml2/commit/42606dafba60c58c458f14f75c4c230459672ab9