VYPR

Go modules package

github.com/robotsandpencils/go-saml

pkg:golang/github.com/robotsandpencils/go-saml

Vulnerabilities (2)

  • CVE-2023-48703 (Mar 6, 2024)
    affected <= 0.0.0-20230606195814-29020529affc

    RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called internally to verify the signature of SAML assertions. When `xmlsec1` is used without

  • CVE-2020-36563 (Dec 27, 2022)
    affected <= 0.0.0-20170520135329-fb13cb52a46b

    XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.