Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures
High severity
GitHub Reviewed
Published
Jun 23, 2021
to the GitHub Advisory Database
•
Updated May 30, 2024
Withdrawn
This advisory was withdrawn on May 20, 2024
Description
Published by the National Vulnerability Database
Apr 30, 2021
Reviewed
May 20, 2021
Published to the GitHub Advisory Database
Jun 23, 2021
Withdrawn
May 20, 2024
Last updated
May 30, 2024
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-prjq-f4q3-fvfr. This link is maintained to preserve external references.
Original Description
This affects all versions less than 0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on null pointer dereference caused by sending malformed XML signatures.
References