Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-59CEBC757F69E4882041DD2ADFB325ACHistoryDec 28, 2022 - 12:00 a.m.
Use of Weak Hash
2022-12-2800:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
6
weak hash
xml signatures
security vulnerability
hash collisions
input control
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
32.6%
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
Affected configurations
Node
gogo-samlRange≤v0.0.0-20170520135329-fb13cb52a46b
| CPE | Name | Operator | Version |
|---|---|---|---|
| go/github.com/robotsandpencils/go-saml | le | v0.0.0-20170520135329-fb13cb52a46b |
Related
osv
osv
Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
2021-04-14 20:04:52
go-saml's XML Digital Signatures use SHA-1
2022-12-28 03:30:28
prion
prion
Input validation
2022-12-28 03:15:00
veracode
veracode
Hash Collision
2023-01-12 05:02:53
cve
cve
CVE-2020-36563
2022-12-28 03:15:09
cvelist
cvelist
CVE-2020-36563 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
2022-12-27 21:13:29
nvd
nvd
CVE-2020-36563
2022-12-28 03:15:09
github
github
go-saml's XML Digital Signatures use SHA-1
2022-12-28 03:30:28
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
32.6%
Related for GITLAB-59CEBC757F69E4882041DD2ADFB325AC