GO-2021-0060

Source
https://pkg.go.dev/vuln/GO-2021-0060
Import Source
https://vuln.go.dev/ID/GO-2021-0060.json
Aliases
Published
2021-04-14T20:04:52Z
Modified
2023-12-06T01:00:31.623814Z
Details

Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed.

References

Affected packages

Go / github.com/russellhaering/gosaml2

Affected ranges

Type
SEMVER
Events
Introduced
0
The exact introduced commit is unknown
Fixed
0.6.0

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/russellhaering/gosaml2",
            "symbols": [
                "SAMLServiceProvider.RetrieveAssertionInfo",
                "SAMLServiceProvider.ValidateEncodedLogoutRequestPOST",
                "SAMLServiceProvider.ValidateEncodedLogoutResponsePOST",
                "SAMLServiceProvider.ValidateEncodedResponse",
                "parseResponse"
            ]
        }
    ]
}