PT-2021-24382 · Gosaml2

Published: 2021-05-24 · Updated: 2021-05-24

Severity: None. No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: gosaml2 versions prior to 0.5.0
Description: Given a valid SAML Response, an attacker can potentially modify the document, bypassing signature validation in order to pass off the altered document as a signed one. This enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in the identity provider, or full authentication bypass if an external attacker can obtain an expired, signed SAML Response.
Recommendations: For gosaml2 versions prior to 0.5.0, upgrade to version 0.5.0 or higher to resolve the issue. As a temporary workaround, consider restricting access to SAML authentication endpoints to minimize the risk of exploitation.

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

GHSA-5684-G483-2249

Affected Products

Gosaml2