48 matches found
CVE-2026-55671
ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to...
GHSA-29JH-8CFQ-RR8X ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components
Summary A Server-Side Request Forgery SSRF vulnerability was discovered in Zitadel affecting: HTTP Notification Channels: Used as an alternative to SMTP/Twilio configurations, sending payloads to user-defined URLs via HTTP POST webhooks. OIDC BackChannel Logout: Terminates sessions across differe...
ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components
Summary A Server-Side Request Forgery SSRF vulnerability was discovered in Zitadel affecting: HTTP Notification Channels: Used as an alternative to SMTP/Twilio configurations, sending payloads to user-defined URLs via HTTP POST webhooks. OIDC BackChannel Logout: Terminates sessions across differe...
CVE-2026-42860
The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...
CVE-2026-42860 Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint
The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...
CVE-2026-42860 Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint
The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...
GHSA-64CV-VXPR-J6VC edx-enterprise has SSRF via SAML metadata URL in sync_provider_data endpoint
Summary The syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin role can set this field to an arbitrary URL via the SAMLProviderConfigViewSet PATCH endpoint, then trigger...
edx-enterprise has SSRF via SAML metadata URL in sync_provider_data endpoint
Summary The syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin role can set this field to an arbitrary URL via the SAMLProviderConfigViewSet PATCH endpoint, then trigger...
EUVD-2022-25983
Malicious code in bioql PyPI...
EUVD-2024-2161
Malicious code in bioql PyPI...
Lunary 跨站脚本漏洞
lunary is lunary open source a production toolkit for LLM . lunary cross-site scripting vulnerability , the vulnerability stems from the SAML IdP XML metadata on user-supplied data lack of effective filtering and escaping , an attacker can use the vulnerability to obtain and modify sensitive...
CVE-2024-5478
A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...
GHSA-RPX8-FG6W-RM6X Withdrawn Advisory: lunary-ai/lunary XSS in SAML metadata endpoint
Withdrawn Advisory This advisory has been withdrawn because the lunary npm package is connected to https://github.com/lunary-ai/lunary-js, not the https://github.com/lunary-ai/lunary repo that is discussed in this advisory. The underlying vulnerability report is still valid, but it doesn't affect...
Withdrawn Advisory: lunary-ai/lunary XSS in SAML metadata endpoint
Withdrawn Advisory This advisory has been withdrawn because the lunary npm package is connected to https://github.com/lunary-ai/lunary-js, not the https://github.com/lunary-ai/lunary repo that is discussed in this advisory. The underlying vulnerability report is still valid, but it doesn't affect...
CVE-2024-5478
A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...
CVE-2024-5478
A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...
CVE-2024-5478 Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary
A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...
CVE-2024-5478 Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary
A Cross-site Scripting XSS vulnerability exists in the SAML metadata endpoint /auth/saml/$org?.id/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the...
CVE-2024-5478
CVE-2024-5478 affects lunary-ai/lunary v1.2.7. Root cause: user-supplied orgId is embedded directly into XML/SAML metadata without proper escaping/validation, enabling XSS via the /auth/saml/${org?.id}/metadata endpoint. Impact: potential theft of user cookies or authentication tokens through inj...
PT-2024-36418 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.7 Description: A Cross-site Scripting XSS issue exists due to the application's failure to escape or validate the orgId parameter supplied by the user before incorporating it into the generated response. The...