Package impact
Go / github.com/russellhaering/gosaml2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2020-29509 | medium | — | 5.5 | 4y ago | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that … | |
| CVE-2023-26483 | unknown | — | — | 3y ago | Denial of service via deflate decompression bomb in github.com/russellhaering/gosaml2 | |
| CVE-2020-7711 | unknown | — | — | 5y ago | This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. | |
| CVE-2020-7731 | unknown | — | — | 5y ago | Panic due to malformed XML digital signature in github.com/russellhaering/goxmldsig |