VulnerableCode Package Details - pkg:golang/github.com/russellhaering/gosaml2@0.6.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:golang/github.com/russellhaering/gosaml2@0.6.0

purl	pkg:golang/github.com/russellhaering/gosaml2@0.6.0

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-w8xe-6aaj-aycr	Authentication Bypass in github.com/russellhaering/gosaml2 ### Impact Given a valid SAML Response, it may be possible for an attacker to mutate the XML document in such a way that gosaml2 will trust a different portion of the document than was signed. Depending on the implementation of the Service Provider this enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in the Identity Provider, or full authentication bypass. ### Patches Service Providers utilizing gosaml2 should upgrade to v0.6.0 or greater.	CVE-2020-29509 GHSA-xhqq-x44f-9fgg

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:06:24.182057+00:00	GithubOSV Importer	Fixing	VCID-w8xe-6aaj-aycr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-xhqq-x44f-9fgg/GHSA-xhqq-x44f-9fgg.json	38.0.0