11 matches found
EUVD-2022-7316
Malicious code in bioql PyPI...
CVE-2022-39299
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass SAML authentication due to passport-saml ( CVE-2022-39299 )
Summary Passport-saml is used by IBM Cloud Pak for Data for SAML authentication. CVE-2022-39299. Vulnerability Details CVEID:CVE-2022-39299 DESCRIPTION: Node.js passport-saml module could allow a remote attacker to bypass security restrictions, caused by improper verification of cryptographic...
Ubuntu 20.04 LTS / 22.04 LTS : xmldom vulnerabilities (USN-6102-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6102-1 advisory. It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially...
Design/Logic Flaw
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
xmldom allows multiple root nodes in a DOM
Impact xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led ...
Exploit for Improper Verification of Cryptographic Signature in Passport-Saml_Project Passport-Saml
Exploiting CVE-2022-39299 Signature bypass via multiple ro...
CVE-2022-39299
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...
CVE-2022-39299
CVE-2022-39299 affects the passport-saml library (Node.js) and allows remote authentication bypass via improper verification of cryptographic signatures in SAML responses. A attacker must present an arbitrary IDP-signed XML element; depending on IdP, fully unauthenticated access may be feasible i...
CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...
CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...