This advisory has been withdrawn because it is a duplicate of GHSA-prjq-f4q3-fvfr. This link is maintained to preserve external references.
This affects all versions of the package github.com/russellhaering/gosaml2 before 0.7.0. Sending malformed XML signatures causes a crash through a null pointer dereference.
{ "nvd_published_at": "2021-04-30T16:15:00Z", "cwe_ids": [ "CWE-476" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-05-20T21:39:22Z" }