High severity · NVD Advisory · Published Apr 30, 2021 · Updated Sep 17, 2024
Denial of Service (DoS)
CVE-2020-7731
Description
This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/russellhaering/gosaml2 (Go) | < 0.7.0 | 0.7.0 |
| github.com/russellhaering/goxmldsig (Go) | < 1.1.1 | 1.1.1 |
Affected products
- github.com/russellhaering/gosaml2 (description)
- ghsa-coords (2 versions): < 0.7.0, + 1 more
- (no CPE) range: < 0.7.0
- (no CPE) range: < 1.1.1
References
- github.com/advisories/GHSA-prjq-f4q3-fvfr (ghsa, ADVISORY)
- github.com/russellhaering/gosaml2/commit/66e3b7affd622b8b24ea1e18845f045e46b23424 (ghsa, WEB)
- github.com/russellhaering/gosaml2/issues/59 (ghsa, WEB)
- github.com/russellhaering/gosaml2/pull/90 (ghsa, WEB)
- github.com/russellhaering/gosaml2/releases/tag/v0.7.0 (ghsa, WEB)
- github.com/russellhaering/gosaml2/security/advisories/GHSA-prjq-f4q3-fvfr (ghsa, WEB)
- github.com/russellhaering/goxmldsig/issues/48 (ghsa, WEB)
- snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302 (ghsa, WEB)