7 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-28119
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does...
Grafana 7.3.0-beta1 < 8.5.24, 9.x < 9.2.17, 9.3.x < 9.3.13, 9.4.x < 9.4.9 DoS Vulnerability
Grafana is prone to a denial of service DoS vulnerability in the crewjam/saml library used for SAML integration. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2023-28119
The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...
CVE-2023-28119 vulnerabilities
Vulnerabilities for packages: grafana...
CVE-2023-28119 crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...
CVE-2023-28119 crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...
CVE-2023-28119
CVE-2023-28119 affects crewjam/saml (Go). Root cause: using flate.NewReader without input size limit allows unbounded decompression of HTTP request data, enabling a DoS by repeated requests that can crash the process. A fix is available in v0.4.13. Depending on the environment, exploitation is de...