Go modules package
github.com/russellhaering/gosaml2
pkg:golang/github.com/russellhaering/gosaml2
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-26483 | — | | | < 0.9.0 | 0.9.0 | Mar 3, 2023 | gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a `deflate`-compressed request which will consume signi |
| CVE-2020-7731 | — | | | < 0.7.0 | 0.7.0 | Apr 30, 2021 | This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. |
| CVE-2020-29509 | — | | | < 0.6.0 | 0.6.0 | Dec 14, 2020 | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected down |
| CVE-2020-7711 | — | | | < 0.7.0 | 0.7.0 | Aug 23, 2020 | This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. |