Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2020/06/05 4:13 p.m.3 views

ai.hyacinth.framework:core-service-gateway-server (=0.5.24), au.org.consumerdatastandards:data-holder (>=1.0.0 <=1.12.0) +1476 more potentially affected by CVE-2020-5407 via org.springframework.security:spring-security-core (>=5.2.0.RELEASE <=5.2.3.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.2.0.RELEASE, =1.0.0, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.12 - br.com.damsete:logging =0.0.1 - cc.cc4414:cc-spring-auth-server =0.5.1 - cc.cc4414:cc-spring-resource-starter =0.5.1 -...

8.8CVSS7.2AI score0.01199EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/06/05 4:13 p.m.7 views

com.buession.cas:buession-cas-audit (>=2.0.0 <=2.2.1), com.buession.cas:buession-cas-captcha (>=2.0.0 <=2.2.1) +624 more potentially affected by CVE-2020-5407 via org.springframework.security:spring-security-core (>=5.3.0.RELEASE <=5.3.1.RELEASE)

org.springframework.security:spring-security-core MAVEN version =5.3.0.RELEASE, =2.0.0, =2.0.0, =1.1.1, =1.1.1, =2.0.0, =1.1.1, =2.3.0, =1.1.1, =2.0.0, =2.0.0, =1.3.0, =1.1.1, =1.1.1, =1.1.1, =2.0.0, =2.3.3 and more Source cves: CVE-2020-5407 Source advisory: OSV:GHSA-48RW-J489-928M...

8.8CVSS7.2AI score0.01199EPSS
Exploits0
OSV
OSV
added 2020/05/13 5:15 p.m.18 views

CVE-2020-5407

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an...

8.8CVSS6.7AI score0.01199EPSS
Exploits0References7
CVE
CVE
added 2020/05/13 5:0 p.m.86 views

CVE-2020-5407

CVE-2020-5407 describes a signature-wrapping vulnerability in Spring Security (affecting the spring-security-saml2-service-provider path) where an attacker can modify a valid SAML response to inject an arbitrary assertion. Affected are Spring Security 5.2.x before 5.2.4 and 5.3.x before 5.3.2. Ex...

8.8CVSS8.5AI score0.01199EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2020/05/13 5:0 p.m.29 views

CVE-2020-5407 Signature Wrapping Vulnerability with spring-security-saml2-service-provider

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an...

8.9AI score0.01199EPSS
Exploits0References7
Rows per page
Query Builder