11 matches found
EUVD-2024-3063
Malicious code in bioql PyPI...
Improper Verification Of Cryptographic Signature
github.com/ssoready/ssoready is vulnerable to Improper Verification of Cryptographic Signature via the onlyPathHoistNamesInternal function. The vulnerability is due to differential XML parsing. Attackers can carry out a signature bypass if they have access to certain IDP-signed messages...
SSOReady has an XML Signature Bypass via differential XML parsing
Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of...
GHSA-J2HR-Q93X-GXVH SSOReady has an XML Signature Bypass via differential XML parsing
Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of...
GO-2024-3185 XML Signature Bypass via differential XML parsing in ssoready in github.com/ssoready/ssoready
XML Signature Bypass via differential XML parsing in ssoready in github.com/ssoready/ssoready...
CVE-2024-47832
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...
CVE-2024-47832 XML Signature Bypass via differential XML parsing in ssoready
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...
CVE-2024-47832 XML Signature Bypass via differential XML parsing in ssoready
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...
CVE-2024-47832 XML Signature Bypass via differential XML parsing in ssoready
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...
CVE-2024-47832
CVE-2024-47832 affects ssoready (SSOReady) when self-hosted as a Docker-based IDP. The issue is an XML signature bypass caused by differing XML parser behaviors, enabling signature bypass if an attacker can access certain IDP-signed messages. Public hosted instance (https://ssoready.com) is unaff...
PT-2024-32842 · Ssoready +1 · Ssoready +1
Name of the Vulnerable Software and Affected Versions: SSOReady versions prior to 7f92a06
Description: The issue concerns XML signature bypass attacks. An attacker can exploit differential behavior between XML parsers to carry out signature bypass if they have access to certain IDP-signed message...