CVE-2020-7731: NULL Pointer Dereference

June 23, 2021

This affects all versions of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

References

github.com/advisories/GHSA-gq5r-cc4w-g8xf
github.com/russellhaering/gosaml2/issues/59
nvd.nist.gov/vuln/detail/CVE-2020-7731

Detect and mitigate CVE-2020-7731 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →