14 matches found
EUVD-2022-7517
Malicious code in bioql PyPI...
EUVD-2024-2513
Malicious code in bioql PyPI...
RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
GHSA-6H53-Q94J-348W RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
CVE-2023-48703
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
CVE-2023-48703
CVE-2023-48703 affects the RobotsAndPencils/go-saml library. The vulnerability is an authentication bypass caused by how the xmlsec1 tool is invoked to verify SAML signatures: if the enabled key data is not restricted, an attacker can embed a forged public key in the SAML token and sign assertion...
CVE-2023-48703 SAML authentication bypass vulnerability in RobotsAndPencils/go-saml
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
PT-2024-13626
Name of the Vulnerable Software and Affected Versions: go-saml, all known versions. Description: The go-saml library contains an authentication bypass issue due to the internal use of the xmlsec1 command line tool to verify SAML assertions without restricting the origin of the public key for...
go-saml security vulnerability
go-saml is a sufficiently good SAML client library written in Go, open-sourced by Robots and Pencils. A security vulnerability exists in go-saml: the library contains a SAML authentication bypass vulnerability that could lead to an application authentication bypass using go-saml...
Hash Collision
github.com/robotsandpencils/go-saml is vulnerable to hash collision attacks. A remote attacker is able to cause hash collisions through the use of vulnerable SHA-1 in authnrequest.go and authnresponse.go files...
go-saml data forgery vulnerability
go-saml is a good enough SAML client library written in Go, open-sourced by Robots and Pencils. A security vulnerability exists in go-saml. An attacker can exploit the vulnerability to create inputs that cause hash collisions, based on control over the inputs...
CVE-2020-36563 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...
GO-2020-0047 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input...