Lucene search
K

48 matches found

Cvelist
Cvelist
added 2023/03/22 7:51 p.m.42 views

CVE-2023-28119 crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

7.5CVSS7.3AI score0.00957EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/22 7:51 p.m.11 views

CVE-2023-28119 crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

7.5CVSS7.2AI score0.00957EPSS
Exploits0References2
CVE
CVE
added 2023/03/22 7:51 p.m.773 views

CVE-2023-28119

CVE-2023-28119 affects crewjam/saml (Go). Root cause: using flate.NewReader without input size limit allows unbounded decompression of HTTP request data, enabling a DoS by repeated requests that can crash the process. A fix is available in v0.4.13. Depending on the environment, exploitation is de...

7.5CVSS7.1AI score0.00957EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.6 views

PT-2023-21576 · Saml +1 · Saml +1

Name of the Vulnerable Software and Affected Versions: github.com/crewjam/saml versions prior to 0.4.13 Description: The issue arises from the package's use of flate.NewReader without limiting the size of the input. This allows a user to pass more than 1 MB of data in an HTTP request to the...

9.8CVSS7.4AI score0.84607EPSS
Exploits5References89
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.10 views

Crewjam Saml 安全漏洞

Crewjam Saml is a Go-based implementation of a codebase that interacts with Saml format files by the individual developers of Crewjam. A security vulnerability exists in Crewjam Saml versions prior to 0.4.13, which stems from not limiting the size of input to flate.NewReader...

7.5CVSS7.2AI score0.00957EPSS
Exploits0References3
OSV
OSV
added 2022/11/29 11:55 p.m.24 views

GHSA-J2JP-WVQG-WC2G crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication

Impact The crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Patches This issue has been corrected in version 0.4.9. Credit This issue was reported by Felix Wilhelm from Google Project Zero...

9.1CVSS7.9AI score0.02179EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/11/29 11:55 p.m.39 views

crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication

Impact The crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Patches This issue has been corrected in version 0.4.9. Credit This issue was reported by Felix Wilhelm from Google Project Zero...

9.8CVSS9.2AI score0.02179EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2022/11/29 6:26 a.m.43 views

CVE-2022-41912

An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable compromising system integrity...

9.1CVSS5AI score0.02179EPSS
Exploits0References4
NVD
NVD
added 2022/11/28 3:15 p.m.37 views

CVE-2022-41912

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

9.8CVSS0.02179EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/11/28 3:15 p.m.37 views

CVE-2022-41912

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

9.8CVSS6.8AI score0.02179EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/11/28 12:0 a.m.7 views

CVE-2022-41912 crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

9.1CVSS9.6AI score0.02179EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/11/28 12:0 a.m.38 views

CVE-2022-41912 crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

9.1CVSS9.8AI score0.02179EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/11/28 12:0 a.m.34 views

CVE-2022-41912

Removed by vendor...

9.8CVSS7.9AI score0.02179EPSS
Exploits0
CVE
CVE
added 2022/11/28 12:0 a.m.201 views

CVE-2022-41912

Affected software: crewjam/saml Go library

9.8CVSS9.5AI score0.02179EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/28 12:0 a.m.2 views

PT-2022-26143 · Unknown · Crewjam/Saml

Name of the Vulnerable Software and Affected Versions: crewjam/saml go library versions prior to 0.4.9 Description: The issue concerns an authentication bypass when processing SAML responses containing multiple Assertion elements. This has been corrected in version 0.4.9. There are no workarounds...

9.8CVSS8AI score0.02179EPSS
Exploits0References18
OSV
OSV
added 2022/11/28 12:0 a.m.23 views

CVE-2022-41912 crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version...

9.1CVSS8AI score0.02179EPSS
Exploits0References5
OSV
OSV
added 2021/06/23 5:29 p.m.26 views

GHSA-4HQ8-GMXX-H6W9 XML Processing error in github.com/crewjam/saml

Impact There are three vulnerabilities in the go encoding/xml package that can allow an attacker to forge part of a signed XML document. For details on this vulnerability see xml-roundtrip-validator Patches In version 0.4.3, all XML input is validated prior to being parsed...

9.8CVSS9.4AI score0.04872EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2021/06/23 5:29 p.m.97 views

XML Processing error in github.com/crewjam/saml

Impact There are three vulnerabilities in the go encoding/xml package that can allow an attacker to forge part of a signed XML document. For details on this vulnerability see xml-roundtrip-validator Patches In version 0.4.3, all XML input is validated prior to being parsed...

10CVSS9AI score0.04872EPSS
Exploits1References11Affected Software1
RedHat Linux
RedHat Linux
added 2021/05/18 2:45 p.m.5 views

crewjam/saml: authentication bypass in saml authentication

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

10CVSS7.3AI score0.04872EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2021/01/05 12:0 a.m.29 views

Fedora 32 : grafana (2020-968067abfa)

update to upstream 7.3.6 Note regarding CVE-2020-27846: SAML is not supported in the open source version of Grafana, however the dependency on crewjam/saml is also present in the open source version. This update removes this dependency altogether. Note that Tenable Network Security has extracted...

10CVSS8AI score0.04872EPSS
Exploits1References2
Rows per page
Query Builder