WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

Critical security issues in XML encoding

Critical
justaugustus published GHSA-m9hp-7r99-94h5 Dec 14, 2020

Package

encoding/xml (Golang)

Affected versions

<=2.26.0

Patched versions

2.27.0

Description

Impact

The following vulnerabilities have been disclosed, which impact users leveraging the SAML connector:

Signature Validation Bypass (CVE-2020-15216): GHSA-q547-gmf8-8jr7

encoding/xml instabilities:

Patches

Immediately update to Dex v2.27.0.

Workarounds

There are no known workarounds.

Severity

Critical

CVE ID

CVE-2020-26290

Weaknesses

No CWEs

Credits