2 matches found
GHSA-4M6J-23P2-8C54 Armeria SAML authentication bypass due to missing validation on unsigned SAML messages
Impact The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages assertions, logout requests, etc. as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsign...
com.linecorp.armeria:armeria-brave (>=0.88.0 <=0.96.0), com.linecorp.armeria:armeria-grpc (>=0.85.0 <=0.96.0) +47 more potentially affected by CVE-2019-16771 via com.linecorp.armeria:armeria (>=0.85.0 <=0.96.0)
com.linecorp.armeria:armeria MAVEN version =0.85.0, =0.88.0, =0.85.0, =0.85.0, =0.85.0, =0.85.0, =0.85.0, =0.85.0, =0.85.0, =0.85.0, =0.85.0, =0.85.0, =0.85.0, =0.85.0, =0.85.0, =0.85.0, =0.96.0 and more Source cves: CVE-2019-16771 Source advisory: OSV:GHSA-35FR-H7JR-HH86...