vulndb/data/osv/GO-2020-0047.json

{
  "id": "GO-2020-0047",
  "published": "2021-04-14T20:04:52Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2020-36563",
    "GHSA-5rhg-xhgr-5hfj"
  ],
  "details": "XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.",
  "affected": [
    {
      "package": {
        "name": "github.com/RobotsAndPencils/go-saml",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            }
          ]
        }
      ],
      "database_specific": {
        "url": "https://pkg.go.dev/vuln/GO-2020-0047"
      },
      "ecosystem_specific": {
        "imports": [
          {
            "path": "github.com/RobotsAndPencils/go-saml",
            "symbols": [
              "AuthnRequest.Validate",
              "NewAuthnRequest",
              "NewSignedResponse",
              "ServiceProviderSettings.GetAuthnRequest"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/RobotsAndPencils/go-saml/pull/38"
    }
  ],
  "schema_version": "1.3.1"
}
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`{`
			`"id": "GO-2020-0047",`
			`"published": "2021-04-14T20:04:52Z",`
			`"modified": "0001-01-01T00:00:00Z",`
			`"aliases": [`
data/reports: add alias for GO-2020-0047.yaml Aliases: CVE-2020-36563, GHSA-5rhg-xhgr-5hfj Updates golang/vulndb#47 Fixes golang/vulndb#1231 Change-Id: Ie0cb5b058a7a2aae723bbd73e616919781cb3b02 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461443 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Auto-Submit: Tatiana Bradley <tatiana@golang.org> 2023-01-11 00:43:37 +03:00			`"CVE-2020-36563",`
			`"GHSA-5rhg-xhgr-5hfj"`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`],`
internal/database, data/osv: trim whitespace characters in OSV description In GenerateOSVEntry, replace all whitespace characters with single spaces except for paragraph breaks represented by "\n\n". Change-Id: Ia03f0b53c94979fada6316be1346df3f48b9fabe Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/439044 Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-10-05 19:05:17 +03:00			`"details": "XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.",`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`"affected": [`
			`{`
			`"package": {`
			`"name": "github.com/RobotsAndPencils/go-saml",`
			`"ecosystem": "Go"`
			`},`
			`"ranges": [`
			`{`
			`"type": "SEMVER",`
			`"events": [`
			`{`
			`"introduced": "0"`
			`}`
			`]`
			`}`
			`],`
			`"database_specific": {`
			`"url": "https://pkg.go.dev/vuln/GO-2020-0047"`
			`},`
			`"ecosystem_specific": {`
			`"imports": [`
			`{`
			`"path": "github.com/RobotsAndPencils/go-saml",`
			`"symbols": [`
			`"AuthnRequest.Validate",`
			`"NewAuthnRequest",`
data/reports: add vulnerable_at to GO-2020-0047.yaml Aliases: CVE-2020-36563, GHSA-5rhg-xhgr-5hfj Updates golang/vulndb#47 Change-Id: I71d1d555fc02f52f25ed4c9b2ab5c17c49a162af Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/462138 Reviewed-by: Tatiana Bradley <tatiana@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Auto-Submit: Tatiana Bradley <tatiana@golang.org> 2023-01-14 01:34:55 +03:00			`"NewSignedResponse",`
			`"ServiceProviderSettings.GetAuthnRequest"`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`]`
			`}`
			`]`
			`}`
			`}`
			`],`
			`"references": [`
			`{`
			`"type": "WEB",`
			`"url": "https://github.com/RobotsAndPencils/go-saml/pull/38"`
			`}`
internal/report, data/osv: populate schema_version field in osv entries The vulnreport osv command now populates all generated osvs with the current schema version (1.3.1). This CL also updates all previous OSV entries to also have the current schema version. Change-Id: Ie95c91aae0ee623bbf50ff047190a0bbe59893d9 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/452440 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Maceo Thompson <maceothompson@google.com> 2022-11-21 21:47:08 +03:00			`],`
			`"schema_version": "1.3.1"`
data/osv: add OSV entries for all reports Create data/osv, containing the OSV version for all reports. This directory will be used as the source for database generation in the future. Set creation times on all existing reports; future reports will take the creation time from the OSV entry history. Change-Id: Ibe0f3a9fc76c0d4afee8102d6a0fd35c7641e97d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/430682 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> 2022-09-14 01:40:34 +03:00			`}`