VDB
CVE-2020-7731
CVE-2020-7731
PUBLISHED
CVSS 7.5 HIGH
This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
EPSS 0.60% · 70.0th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
EPSS Score
0.60%
70.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| gosaml2_project | gosaml2 | |
| github.com | russellhaering/gosaml2 | 0 |
| n/a | github.com/russellhaering/gosaml2 | 0 |
| github.com | russellhaering/goxmldsig | 0 |
Exploit Intelligence
Timeline
- Apr 30, 2021 CVE Published
- May 1, 2021 EPSS Score
- Jun 23, 2021 CVE Updated
- Jul 4, 2021 EPSS Score
- Sep 4, 2021 EPSS Score
- Nov 5, 2021 EPSS Score
- Jan 7, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 10, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 11, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
References
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302 url
- https://github.com/russellhaering/gosaml2/issues/59 url
- https://github.com/russellhaering/gosaml2/releases/tag/v0.7.0 url
- https://github.com/russellhaering/gosaml2/security/advisories/GHSA-prjq-f4q3-fvfr url
- https://github.com/russellhaering/goxmldsig/issues/48 url
- https://github.com/russellhaering/gosaml2/pull/90 url
- https://github.com/russellhaering/gosaml2/commit/66e3b7affd622b8b24ea1e18845f045e46b23424 url
- https://github.com/russellhaering/gosaml2 package