This affects all versions of the package github.com/russellhaering/gosaml2 before 0.7.0. Sending a malformed XML signature causes a crash through a null pointer dereference.
CPE

Name | Operator | Version
---|---|---
github.com/russellhaering/goxmldsig | lt | 1.1.1
github.com/russellhaering/gosaml2 | lt | 0.7.0

github.com/advisories/GHSA-gq5r-cc4w-g8xf
github.com/russellhaering/gosaml2/commit/66e3b7affd622b8b24ea1e18845f045e46b23424
github.com/russellhaering/gosaml2/issues/59
github.com/russellhaering/gosaml2/pull/90
github.com/russellhaering/gosaml2/releases/tag/v0.7.0
github.com/russellhaering/goxmldsig/issues/48
nvd.nist.gov/vuln/detail/CVE-2020-7731
snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302