An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxNXItY2M0dy1nOHhm

Severity: High (CVSS: 7.5)

Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures

Affected Packages Affected Versions Fixed Versions
go:github.com/russellhaering/goxmldsig
PURL: pkg:go/github.com%2Frussellhaering%2Fgoxmldsig
Affected versions: < 1.1.1
Fixed versions: 1.1.1
466 Dependent packages
1,514 Dependent repositories

Affected Version Ranges

All affected versions

v1.1.0

All unaffected versions

v1.1.1, v1.2.0, v1.3.0, v1.4.0, v1.5.0

go:github.com/russellhaering/gosaml2
PURL: pkg:go/github.com%2Frussellhaering%2Fgosaml2
Affected versions: < 0.7.0
Fixed versions: 0.7.0
65 Dependent packages
155 Dependent repositories

Affected Version Ranges

All affected versions

v0.1.0, v0.2.0, v0.3.0, v0.3.1, v0.4.0, v0.5.0, v0.6.0

All unaffected versions

v0.7.0, v0.8.0, v0.8.1, v0.9.0, v0.9.1, v0.10.0

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-prjq-f4q3-fvfr. This link is maintained to preserve external references.

Original Description

This affects all versions of the package github.com/russellhaering/gosaml2 before 0.7.0. Sending malformed XML signatures causes a crash through a NULL pointer dereference.
