github.com/russellhaering/gosaml2
Go
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/russellhaering/gosaml2 (page 1 of 1)
- CVE-2020-29509 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.6.0 | 2020-12-14
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during differ…
- CVE-2020-7711 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.7.0 | 2020-08-23
This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
- CVE-2020-7731 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.7.0 | 2021-04-30
This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
- CVE-2023-26483 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 0.9.0 | 2023-03-03
gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a `deflate`-co…