12 matches found
EUVD-2022-5599
Malicious code in bioql PyPI...
EUVD-2022-2450
Malicious code in bioql PyPI...
GHSA-JW9C-MFG7-9RX2 SAML authentication bypass via Incorrect XPath selector
Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...
SAML authentication bypass via Incorrect XPath selector
Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...
CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...
CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...
GHSA-X6RC-54XP-CCXX Withdrawn Advisory: Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Withdrawn Advisory: This advisory has been withdrawn because further investigation revealed that this is not a security issue. This link is maintained to preserve external references. Original Description: XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ befo...
Withdrawn Advisory: Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Withdrawn Advisory: This advisory has been withdrawn because further investigation revealed that this is not a security issue. This link is maintained to preserve external references. Original Description: XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ befo...
hornetq: XXE/SSRF in XPath selector
An XML External Entity (XXE) Injection vulnerability was reported in the XPath component of HornetQ...
Xxe
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages...
UBUNTU-CVE-2014-3600
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages...
ActiveMQ: XXE via XPath expression evaluation
It was discovered that Apache ActiveMQ performed XML External Entity (XXE) expansion when evaluating XPath expressions. A remote, attacker-controlled consumer able to specify an XPath-based selector to dequeue XML messages from an Apache ActiveMQ broker could use this flaw to read files accessible ...