exploitDog

CVE-2020-36563

Опубликовано: 28 дек. 2022

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.

Ссылки

https://github.com/RobotsAndPencils/go-saml/pull/38
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0047
Patch
Vendor Advisory
https://github.com/RobotsAndPencils/go-saml/pull/38
Patch
Third Party Advisory
https://pkg.go.dev/vuln/GO-2020-0047
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:robotsandpencils:go-saml:-:*:*:*:*:go:*:*

EPSS

Процентиль: 31%

0.00116

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-347

Связанные уязвимости

GHSA-5rhg-xhgr-5hfj

CVSS3: 5.3

github

около 3 лет назад

go-saml's XML Digital Signatures use SHA-1

EPSS

Процентиль: 31%

0.00116

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-347