Lucene search

CVE-2020-36563

🗓️ 28 Dec 2022 03:09:15Reported by GoType

XML Digital Signatures using SHA-1 allowing hash collisions

Reporter	Title	Published	Views	Family All 8
OSV	Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml	14 Apr 202120:04	–	osv
OSV	go-saml's XML Digital Signatures use SHA-1	28 Dec 202203:30	–	osv
Veracode	Hash Collision	12 Jan 202305:02	–	veracode
Prion	Input validation	28 Dec 202203:15	–	prion
Cvelist	CVE-2020-36563 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml	27 Dec 202221:13	–	cvelist
NVD	CVE-2020-36563	28 Dec 202203:15	–	nvd
GitLab Advisory Database	Use of Weak Hash	28 Dec 202200:00	–	gitlab
Github Security Blog	go-saml's XML Digital Signatures use SHA-1	28 Dec 202203:30	–	github

Nvd

Node

robotsandpencils go-samlMatch-go

[
  {
    "vendor": "github.com/RobotsAndPencils/go-saml",
    "product": "github.com/RobotsAndPencils/go-saml",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "github.com/RobotsAndPencils/go-saml",
    "programRoutines": [
      {
        "name": "AuthnRequest.Validate"
      },
      {
        "name": "NewAuthnRequest"
      },
      {
        "name": "NewSignedResponse"
      },
      {
        "name": "ServiceProviderSettings.GetAuthnRequest"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
github	www.github.com/RobotsAndPencils/go-saml/pull/38
pkg	www.pkg.go.dev/vuln/GO-2020-0047

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Dec 2022 03:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS35.3

EPSS0.00062

CWE-347