onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.

In order to verify Signatures on Logoutrequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method end up calling opensslverify depending on the signature algorithm used. The opensslverify function returns 1 when the signature was...

Sitecore Experience Platform 代码问题漏洞

Sitecore Experience Platform XP is a suite of customer digital experience platforms from Sitecore, Denmark. A security vulnerability exists in Sitecore Experience Platform version 10.2 and earlier, which stems from a deserialization vulnerability in the presence of untrustworthy data, allowing...