5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.6%
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
CPE | Name | Operator | Version |
---|---|---|---|
robotsandpencils:go-saml | robotsandpencils go-saml | eq | - |
[
{
"vendor": "github.com/RobotsAndPencils/go-saml",
"product": "github.com/RobotsAndPencils/go-saml",
"collectionURL": "https://pkg.go.dev",
"packageName": "github.com/RobotsAndPencils/go-saml",
"programRoutines": [
{
"name": "AuthnRequest.Validate"
},
{
"name": "NewAuthnRequest"
},
{
"name": "NewSignedResponse"
},
{
"name": "ServiceProviderSettings.GetAuthnRequest"
}
],
"defaultStatus": "affected"
}
]
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.6%