{"id":"GO-2021-0056","details":"Due to the behavior of encoding/xml, a crafted XML document may cause\nXML Digital Signature validation to be entirely bypassed, causing an\nunsigned document to appear signed.\n","modified":"2022-05-13T18:33:00Z","published":"2021-04-14T20:04:52Z","withdrawn":"2024-05-15T05:37:10.999927Z","references":[{"type":"FIX","url":"https://github.com/dexidp/dex/commit/324b1c886b407594196113a3dbddebe38eecd4e8"},{"type":"WEB","url":"https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5"}],"affected":[{"package":{"name":"github.com/dexidp/dex/connector/saml","ecosystem":"Go","purl":"pkg:golang/github.com/dexidp/dex/connector/saml"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.0.0-20201214082111-324b1c886b40"}]}],"ecosystem_specific":{"symbols":["provider.HandlePOST"]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0056.json","url":"https://pkg.go.dev/vuln/GO-2021-0056"}}],"schema_version":"1.7.3"}