2 matches found
PT-2026-51078
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML token validation in the SamlSecurityTokenHandler does not enforce SubjectConfirmation method URIs or holder-of-key proof keys. This allows an attacker to...
Improper Verification of Cryptographic Signature
Overview symfony/security-http is a provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. Affected versions of this package are vulnerable to...