Vulnerability Report: GO-2020-0047
- CVE-2020-36563, GHSA-5rhg-xhgr-5hfj
- Affects: github.com/RobotsAndPencils/go-saml
- Published: Apr 14, 2021
- Modified: May 20, 2024
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
Affected Packages
-
PathGo VersionsSymbols
-
all versions, no known fixed
Aliases
References
- https://github.com/RobotsAndPencils/go-saml/pull/38
- https://vuln.go.dev/ID/GO-2020-0047.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.