GHSA-gq5r-cc4w-g8xf

Опубликовано: 23 июн. 2021

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-prjq-f4q3-fvfr. This link is maintained to preserve external references.

Original Description

This affects all versions less than 0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on null pointer dereference caused by sending malformed XML signatures.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2020-7731
https://github.com/russellhaering/gosaml2/issues/59
https://github.com/russellhaering/goxmldsig/issues/48
https://github.com/russellhaering/gosaml2/pull/90
https://github.com/russellhaering/gosaml2/commit/66e3b7affd622b8b24ea1e18845f045e46b23424
https://github.com/russellhaering/gosaml2/releases/tag/v0.7.0
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302

Пакеты

Наименование

github.com/russellhaering/gosaml2

Затронутые версииВерсия исправления

< 0.7.0

0.7.0

Наименование

github.com/russellhaering/goxmldsig

Затронутые версииВерсия исправления

< 1.1.1

1.1.1

7.5 High

CVSS3

Дефекты

CWE-476

7.5 High

CVSS3

Дефекты

CWE-476