Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2021-0058" }
{ "imports": [ { "path": "github.com/crewjam/saml", "symbols": [ "IdentityProvider.ServeSSO", "IdpAuthnRequest.Validate", "ServiceProvider.ParseResponse", "ServiceProvider.ParseXMLResponse", "ServiceProvider.ValidateLogoutResponseForm", "ServiceProvider.ValidateLogoutResponseRedirect", "ServiceProvider.ValidateLogoutResponseRequest" ] }, { "path": "github.com/crewjam/saml/samlidp", "symbols": [ "Server.HandlePutService", "getSPMetadata" ] }, { "path": "github.com/crewjam/saml/samlsp", "symbols": [ "FetchMetadata", "Middleware.ServeHTTP", "New", "ParseMetadata" ] } ] }