Lucene search
GoCVELIST:CVE-2020-36563HistoryDec 27, 2022 - 9:13 p.m.
CVE-2020-36563 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
2022-12-2721:13:29
Go
www.cve.org
cve-2020-36563
github.com
robotsandpencils
go-saml
xml digital signatures
hash collisions
security vulnerability
input control
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
CNA Affected
[
{
"vendor": "github.com/RobotsAndPencils/go-saml",
"product": "github.com/RobotsAndPencils/go-saml",
"collectionURL": "https://pkg.go.dev",
"packageName": "github.com/RobotsAndPencils/go-saml",
"programRoutines": [
{
"name": "AuthnRequest.Validate"
},
{
"name": "NewAuthnRequest"
},
{
"name": "NewSignedResponse"
},
{
"name": "ServiceProviderSettings.GetAuthnRequest"
}
],
"defaultStatus": "affected"
}
]Related
osv
osv
Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
2021-04-14 20:04:52
go-saml's XML Digital Signatures use SHA-1
2022-12-28 03:30:28
nvd
nvd
CVE-2020-36563
2022-12-28 03:15:09
veracode
veracode
Hash Collision
2023-01-12 05:02:53
prion
prion
Input validation
2022-12-28 03:15:00
cve
cve
CVE-2020-36563
2022-12-28 03:15:09
github
github
go-saml's XML Digital Signatures use SHA-1
2022-12-28 03:30:28
gitlab
gitlab
Use of Weak Hash
2022-12-28 00:00:00