Go modules package
github.com/robotsandpencils/go-saml
pkg:golang/github.com/robotsandpencils/go-saml
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-48703 | — | <= 0.0.0-20230606195814-29020529affc | — | Mar 6, 2024 | RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called internally to verify the signature of SAML assertions. When `xmlsec1` is used without | ||
| CVE-2020-36563 | — | <= 0.0.0-20170520135329-fb13cb52a46b | — | Dec 27, 2022 | XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input. |
- CVE-2023-48703Mar 6, 2024affected <= 0.0.0-20230606195814-29020529affc
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called internally to verify the signature of SAML assertions. When `xmlsec1` is used without
- CVE-2020-36563Dec 27, 2022affected <= 0.0.0-20170520135329-fb13cb52a46b
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.