CVE-2020-7731: NULL Pointer Dereference
All versions of the package github.com/russellhaering/gosaml2 before 0.7.0 are affected. Sending malformed XML signatures triggers a nil-pointer dereference that causes a crash.
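To check whether a project requires an affected release, the following added example (not part of the advisory or of the gosaml2 project) scans go.mod text for the module and compares the required version against 0.7.0. The function names and the sample go.mod are constructed for illustration, and it assumes a plain require list: exclude and replace directives are not interpreted.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path as given in the advisory; 0.7.0 is the first unaffected version.
const modulePath = "github.com/russellhaering/gosaml2"

// belowFix reports whether a Go module version sorts before v0.7.0.
// Pre-releases of 0.7.0 and v0.0.0 pseudo-versions count as below the fix.
func belowFix(version string) (bool, error) {
	core, pre, _ := strings.Cut(strings.TrimPrefix(version, "v"), "-")
	var major, minor, patch int
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &major, &minor, &patch); err != nil {
		return false, fmt.Errorf("unparseable version %q: %v", version, err)
	}
	return major == 0 && (minor < 7 || (minor == 7 && patch == 0 && pre != "")), nil
}

// CheckGoMod returns the required gosaml2 version found in go.mod text and
// whether it is affected. An empty version means the module is not required.
func CheckGoMod(gomod string) (version string, vulnerable bool, err error) {
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // strip comments such as "// indirect"
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:] // single-line form: require <path> <version>
		}
		if len(f) == 2 && f[0] == modulePath {
			vulnerable, err = belowFix(f[1])
			return f[1], vulnerable, err
		}
	}
	return "", false, nil
}

// Constructed sample go.mod, not taken from any real project.
const sampleGoMod = `module example.com/sso-gateway

require (
	github.com/russellhaering/gosaml2 v0.6.0
)
`

func main() {
	v, bad, err := CheckGoMod(sampleGoMod)
	fmt.Println(v, bad, err)
}
```
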
References
- github.com/advisories/GHSA-gq5r-cc4w-g8xf
- github.com/advisories/GHSA-prjq-f4q3-fvfr
- github.com/russellhaering/gosaml2/issues/59
- github.com/russellhaering/gosaml2/security/advisories/GHSA-prjq-f4q3-fvfr
- github.com/russellhaering/goxmldsig/issues/48
- snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302