EUVD-2023-2496
Malicious code in bioql PyPI...
PT-2023-28147 · Sustainsys +1 · Sustainsys.Saml2 +1
Name of the Vulnerable Software and Affected Versions: Sustainsys.Saml2 versions prior to 1.0.3; Sustainsys.Saml2 versions prior to 2.9.2. Description: The Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. When a response is...
SAML Security Vulnerabilities
SAML is a library by individual developer Ross Kinder that contains a partial implementation of the SAML standard in Go. That is, it allows third parties to authenticate your users, or allows third parties to rely on us to authenticate their users. A security vulnerability exists in...
GHSA-9475-XG6M-J7PW Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET
Impact: Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is also support in the Saml2 protocol for issuing tokens that are tied to a subject through other means, e.g. holder-of-key where possession of a private key must...
CVE-2020-5261
The CVE concerns Sustainsys.Saml2 (ASP.NET, NuGet) versions greater than 2.0.0 and less than 2.5.0, which have a faulty Token Replay Detection implementation. Token Replay Detection is cited as a defense in depth for SSO; the 2.5.0 release is patched, while 1.0.1 and earlier are reported as safe....