CVE-2020-7731
HIGH
gosaml2 < 0.7.0 - Denial of Service via Malformed XML Signature
Title source: llm
Description
This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
References (3)
Core References
Patch, Third Party Advisory
https://github.com/russellhaering/gosaml2/issues/59
Third Party Advisory
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
Scores
CVSS v3
7.5
EPSS
0.0166
EPSS Percentile
73.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (3)
gosaml2_project/gosaml2
russellhaering/gosaml2
0 - 0.7.0 (Go)
russellhaering/goxmldsig
0 - 1.1.1 (Go)
Published
Apr 30, 2021
Tracked Since
Feb 18, 2026