5 matches found
ai.hyacinth.framework:core-service-gateway-server (=0.5.24), au.org.consumerdatastandards:data-holder (>=1.0.0 <=1.12.0) +1476 more potentially affected by CVE-2020-5407 via org.springframework.security:spring-security-core (>=5.2.0.RELEASE <=5.2.3.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.2.0.RELEASE, =1.0.0, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.12 - br.com.damsete:logging =0.0.1 - cc.cc4414:cc-spring-auth-server =0.5.1 - cc.cc4414:cc-spring-resource-starter =0.5.1 -...
com.buession.cas:buession-cas-audit (>=2.0.0 <=2.2.1), com.buession.cas:buession-cas-captcha (>=2.0.0 <=2.2.1) +624 more potentially affected by CVE-2020-5407 via org.springframework.security:spring-security-core (>=5.3.0.RELEASE <=5.3.1.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.3.0.RELEASE, =2.0.0, =2.0.0, =1.1.1, =1.1.1, =2.0.0, =1.1.1, =2.3.0, =1.1.1, =2.0.0, =2.0.0, =1.3.0, =1.1.1, =1.1.1, =1.1.1, =2.0.0, =2.3.3 and more Source cves: CVE-2020-5407 Source advisory: OSV:GHSA-48RW-J489-928M...
CVE-2020-5407
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an...
CVE-2020-5407
CVE-2020-5407 describes a signature-wrapping vulnerability in Spring Security (affecting the spring-security-saml2-service-provider path) where an attacker can modify a valid SAML response to inject an arbitrary assertion. Affected are Spring Security 5.2.x before 5.2.4 and 5.3.x before 5.3.2. Ex...
CVE-2020-5407 Signature Wrapping Vulnerability with spring-security-saml2-service-provider
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an...