XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
[
{
"vendor": "github.com/RobotsAndPencils/go-saml",
"product": "github.com/RobotsAndPencils/go-saml",
"collectionURL": "https://pkg.go.dev",
"packageName": "github.com/RobotsAndPencils/go-saml",
"programRoutines": [
{
"name": "AuthnRequest.Validate"
},
{
"name": "NewAuthnRequest"
},
{
"name": "NewSignedResponse"
},
{
"name": "ServiceProviderSettings.GetAuthnRequest"
}
],
"defaultStatus": "affected"
}
]