This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
{ "source": "REFERENCES" }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7731.json"