12 matches found
EUVD-2024-0647
Malicious code in bioql PyPI...
CVE-2024-25718
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
Samly access control vulnerability
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
GHSA-H3RW-77W7-92GF Samly access control vulnerability
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
CVE-2024-25718
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
CVE-2024-25718
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
Design/Logic Flaw
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
CVE-2024-25718
The CVE-2024-25718 issue affects the Samly package for Elixir prior to 1.4.0. The vulnerability stems from Samly.State.Store.get_assertion/3 returning an expired session, and Samly.AuthHandler caching that session so it is not replaced after expiry, potentially bypassing access controls. Affected...
CVE-2024-25718
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
CVE-2024-25718
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
Samly security breach
Samly is used to enable the Plug/Phoenix application via SAML. A security vulnerability exists in Samly versions prior to 1.4.0, which stems from the ability to return expired sessions, which can interfere with access control...
PT-2024-21111 · Samly · Samly
Name of the Vulnerable Software and Affected Versions: Samly package versions prior to 1.4.0 for Elixir Description: The issue arises from the Samly.State.Store.get assertion/3 function, which can return an expired session. This interferes with access control because Samly.AuthHandler uses a cach...