GHSA-gq5r-cc4w-g8xf: Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures
(updated )
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-prjq-f4q3-fvfr. This link is maintained to preserve external references.
Original Description
This affects all versions less than 0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on null pointer dereference caused by sending malformed XML signatures.
References
- github.com/advisories/GHSA-gq5r-cc4w-g8xf
- github.com/russellhaering/gosaml2
- github.com/russellhaering/gosaml2/commit/66e3b7affd622b8b24ea1e18845f045e46b23424
- github.com/russellhaering/gosaml2/issues/59
- github.com/russellhaering/gosaml2/pull/90
- github.com/russellhaering/gosaml2/releases/tag/v0.7.0
- github.com/russellhaering/goxmldsig/issues/48
- nvd.nist.gov/vuln/detail/CVE-2020-7731
- snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
Detect and mitigate GHSA-gq5r-cc4w-g8xf with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →