Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.31 views

Linux Distros Unpatched Vulnerability : CVE-2023-28119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does...

7.5CVSS6.7AI score0.00957EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/04/27 12:0 a.m.21 views

Grafana 7.3.0-beta1 < 8.5.24, 9.x < 9.2.17, 9.3.x < 9.3.13, 9.4.x < 9.4.9 DoS Vulnerability

Grafana is prone to a denial of service DoS vulnerability in the crewjam/saml library used for SAML integration. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5CVSS7.4AI score0.01504EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/03/24 1:7 p.m.36 views

CVE-2023-28119

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

5.3CVSS7.1AI score0.00957EPSS
Exploits0References5
Chainguard
Chainguard
added 2023/03/22 8:15 p.m.494 views

CVE-2023-28119 vulnerabilities

Vulnerabilities for packages: grafana...

7.5CVSS7.5AI score0.00957EPSS
Exploits0
Cvelist
Cvelist
added 2023/03/22 7:51 p.m.42 views

CVE-2023-28119 crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

7.5CVSS7.3AI score0.00957EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/22 7:51 p.m.11 views

CVE-2023-28119 crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

7.5CVSS7.2AI score0.00957EPSS
Exploits0References2
CVE
CVE
added 2023/03/22 7:51 p.m.772 views

CVE-2023-28119

CVE-2023-28119 affects crewjam/saml (Go). Root cause: using flate.NewReader without input size limit allows unbounded decompression of HTTP request data, enabling a DoS by repeated requests that can crash the process. A fix is available in v0.4.13. Depending on the environment, exploitation is de...

7.5CVSS7.1AI score0.00957EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder