github.com/crewjam/saml (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/crewjam/saml, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2020-27846 — CVSS 9.8 (critical): A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest…
CVE-2022-41912 — CVSS 9.1 (critical): The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing…
CVE-2023-28119 — CVSS 7.5 (high): The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of…
CVE-2023-45683 — CVSS 7.1 (high): github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI…