Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with [email protected] followed by . and then the attacker's domain name.
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely deserialized using the YAML.load_stream met...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.0004