Vulnerability Report: GO-2021-0060
- CVE-2020-29509, GHSA-xhqq-x44f-9fgg
- Affects: github.com/russellhaering/gosaml2
- Published: Apr 14, 2021
- Modified: Jun 12, 2023
Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed.
Affected Packages
-
PathVersionsSymbols
-
before v0.6.0
Aliases
References
- https://github.com/russellhaering/gosaml2/commit/42606dafba60c58c458f14f75c4c230459672ab9
- https://vuln.go.dev/ID/GO-2021-0060.json
Credits
- Juho Nurminen
Feedback
See anything missing or incorrect?
Suggest an edit to this report.