Mattermost, in coordination with Golang, has disclosed 3 critical vulnerabilities in the Go language’s XML parser. These vulnerabilities also affect multiple Go-based SAML implementations and can lead to a complete bypass of SAML authentication, which powers prominent web applications today. Mattermost has provided a tool, “xml-roundtrip-validator”, that can be used as a workaround when incorporating XML validation in your application. There is no patch available that adequately fixes these vulnerabilities.
Source: