Lucene search
HistoryDec 28, 2022 - 3:15 a.m.
CVE-2020-36563
cve-2020-36563
hash collisions
security package
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
32.6%
XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
Affected configurations
Node
robotsandpencilsgo-samlMatch-go
Related
osv
osv
Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
2021-04-14 20:04:52
go-saml's XML Digital Signatures use SHA-1
2022-12-28 03:30:28
prion
prion
Input validation
2022-12-28 03:15:00
veracode
veracode
Hash Collision
2023-01-12 05:02:53
cve
cve
CVE-2020-36563
2022-12-28 03:15:09
cvelist
cvelist
CVE-2020-36563 Weak hash (SHA-1) in github.com/RobotsAndPencils/go-saml
2022-12-27 21:13:29
github
github
go-saml's XML Digital Signatures use SHA-1
2022-12-28 03:30:28
gitlab
gitlab
Use of Weak Hash
2022-12-28 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
32.6%
Related for NVD:CVE-2020-36563