12 matches found
EUVD-2024-0647
Malicious code in bioql PyPI...
CVE-2024-25718
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
GHSA-H3RW-77W7-92GF Samly access control vulnerability
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
Samly access control vulnerability
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
CVE-2024-25718
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
CVE-2024-25718
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
Design/Logic Flaw
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
CVE-2024-25718
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
CVE-2024-25718
The CVE-2024-25718 issue affects the Samly package for Elixir prior to 1.4.0. The vulnerability stems from Samly.State.Store.get_assertion/3 returning an expired session, and Samly.AuthHandler caching that session so it is not replaced after expiry, potentially bypassing access controls. Affected...
Samly security breach
Samly is used to enable the Plug/Phoenix application via SAML. A security vulnerability exists in Samly versions prior to 1.4.0, which stems from the ability to return expired sessions, which can interfere with access control...
CVE-2024-25718
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
PT-2024-21111 · Samly · Samly
Name of the Vulnerable Software and Affected Versions: Samly package versions prior to 1.4.0 for Elixir Description: The issue arises from the Samly.State.Store.get assertion/3 function, which can return an expired session. This interferes with access control because Samly.AuthHandler uses a cach...