tyk-identity-broker 授权问题漏洞

tyk-identity-broker is a software application. A service level component is provided that enables authorization of authorized identities and provides authenticated access to various Tyk-supported components such as the Tyk Dashboard, Tyk Developer Portal, and Tyk Gateway API streams e.g., OAuth...

Authentication Bypass

Overview Affected versions of this package are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip encoding/decoding XML data. Remediation Upgrade...