CVE-2021-27736
Summary: CVE-2021-27736 affects FusionAuth’s fusionauth-samlv2 library prior to 0.5.4. The issue is an XML External Entity (XXE) vulnerability in parseFromBytes, which uses javax.xml.parsers.DocumentBuilderFactory unsafely on forged AuthnRequest or LogoutRequest messages. This can lead to disclos...