10 matches found
GHSA-RGQ2-93GJ-FFXG Casdoor doesn't enforce SAML assertion time bounds
Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...
Casdoor 安全漏洞
Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from the lack of enforcement of SAML assertion time ranges. The gosaml2...
GO-2026-4760 CBC Padding Panic — Unauthenticated Process Crash in github.com/russellhaering/gosaml2
CBC Padding Panic — Unauthenticated Process Crash in github.com/russellhaering/gosaml2...
GO-2026-4764 Unsigned SAML LogoutRequest Acceptance in gosaml2 in github.com/russellhaering/gosaml2
Unsigned SAML LogoutRequest Acceptance in gosaml2 in github.com/russellhaering/gosaml2...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the ValidateEncodedLogoutRequestPOST function. An attacker can terminate arbitrary user sessions by sending a forged, unsigned SAML LogoutRequest to the Single Logout endpoint, even...
GHSA-PCGW-QCV5-H8CH Unsigned SAML LogoutRequest Acceptance in gosaml2
Summary The ValidateEncodedLogoutRequestPOST function in gosaml2 accepts completely unsigned SAML LogoutRequest messages even when SkipSignatureValidation is set to false. When validateElementSignature returns dsig.ErrMissingSignature, the code in decodelogoutrequest.go:60-62 silently falls throu...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the DecryptBytes function. An attacker can cause the process or goroutine to crash by sending a crafted AES-CBC encrypted assertion with a plaintext of all zero bytes, which triggers a panic due to...
EUVD-2023-0904
Malicious code in bioql PyPI...
CVE-2023-26483 gosaml2 vulnerable to Denial of Service via deflate decompression bomb
gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a deflate-compressed request which will consume significantly more memor...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and...