github.com/russellhaering/gosaml2 vulnerabilities
4 known vulnerabilities affecting github.com/russellhaering/gosaml2.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2023-26483 | MEDIUM | affected versions: ≥ 0, < 0.9.0 | 2023-03-02
CVE-2023-26483 [MEDIUM] CWE-409: gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb
### Impact
SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a `deflate`-compressed request which will consume significantly more memory during processing than the size of the original request. This
Sources: ghsa, osv

CVE-2020-7711 | HIGH | affected versions: ≥ 0, < 0.7.0 | 2022-10-07
CVE-2020-7711 [HIGH] CWE-476: goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures
This affects all versions of package github.com/russellhaering/goxmldsig prior to 1.1.1. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. This issue is patched in version 1.1.1.
Sources: ghsa, osv

CVE-2020-29509 | CRITICAL | affected versions: ≥ 0, < 0.6.0 | 2022-02-11
CVE-2020-29509 [CRITICAL] CWE-115: Authentication Bypass in github.com/russellhaering/gosaml2
### Impact
Given a valid SAML Response, it may be possible for an attacker to mutate the XML document in such a way that gosaml2 will trust a different portion of the document than was signed.
Depending on the implementation of the Service Provider this enables a variety of attacks, including users accessing accounts other than the one to which
Sources: ghsa, osv

CVE-2020-7731 | HIGH | CVSS 7.5 | fixed in: unspecified | 2021-04-30
CVE-2020-7731 [HIGH] CWE-476
This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
Sources: cvelistv5, ghsa, nvd