Crewjam Security Vulnerabilities


CVE-2023-28119

The crewjam/saml Go library contains a partial implementation of the SAML standard in Go. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be.....

7.5 CVSS

7 AI Score

0.001 EPSS

2023-03-22 08:15 PM

CVE-2023-45683

github.com/crewjam/saml is a SAML library for the Go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript in the...

7.1 CVSS

6 AI Score

0.0005 EPSS

2023-10-16 07:15 PM

CVE-2022-41912

The crewjam/saml Go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed...

9.8 CVSS

9.4 AI Score

0.005 EPSS

2022-11-28 03:15 PM