Misinterpretation of Input
CVE-2020-29509
Summary
The Go package github.com/russellhaering/gosaml2, in versions prior to v0.6.0, does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips. This allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
- HIGH
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- LOW
CWE-115 - Misinterpretation of Input
The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.
Advisory Timeline
- Published