PicketLink: Lack of validation for the Destination attribute in a Response element in a SAML assertion
A flaw was found in the way PicketLink's Service Provider SP and Identity Provider IdP handled certain requests. The SP and IdP in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in the SAML assertion matches the location from which the message was...