CVE-2020-36563 Information

Description

XML Digital Signatures generated and validated using this package use SHA-1 which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.

Reference

https://pkg.go.dev/vuln/GO-2020-0047 https://github.com/RobotsAndPencils/go-saml/pull/38