Due to a nil pointer dereference, a malformed XML Digital Signature can cause a panic during validation. If user-supplied signatures are being validated, this may be used as a denial-of-service vector.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2020-0046" }
{ "imports": [ { "path": "github.com/russellhaering/gosaml2", "symbols": [ "SAMLServiceProvider.RetrieveAssertionInfo", "SAMLServiceProvider.ValidateEncodedLogoutRequestPOST", "SAMLServiceProvider.ValidateEncodedLogoutResponsePOST", "SAMLServiceProvider.ValidateEncodedResponse", "SAMLServiceProvider.validateAssertionSignatures" ] } ] }