Lucene search
GitHub Advisory DatabaseGHSA-5RHG-XHGR-5HFJHistoryDec 28, 2022 - 3:30 a.m.
go-saml's XML Digital Signatures use SHA-1
2022-12-2803:30:28
CWE-347
GitHub Advisory Database
github.com
5
xml
digital signatures
sha-1
signing
hash collisions
software
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
32.6%
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
Affected configurations
Node
github.com\/robotsandpencils\/gosamlRange≤0.0.0-20170520135329-fb13cb52a46b
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/robotsandpencils/go-saml | le | 0.0.0-20170520135329-fb13cb52a46b |
Related
osv
osv
Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
2021-04-14 20:04:52
go-saml's XML Digital Signatures use SHA-1
2022-12-28 03:30:28
prion
prion
Input validation
2022-12-28 03:15:00
veracode
veracode
Hash Collision
2023-01-12 05:02:53
cve
cve
CVE-2020-36563
2022-12-28 03:15:09
cvelist
cvelist
CVE-2020-36563 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
2022-12-27 21:13:29
nvd
nvd
CVE-2020-36563
2022-12-28 03:15:09
gitlab
gitlab
Use of Weak Hash
2022-12-28 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
32.6%
Related for GHSA-5RHG-XHGR-5HFJ