RSS   Vulnerabilities for 'Saml v2'   RSS

2021-04-22
 
CVE-2021-27736

CWE-611
 

 
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.

 

 >>> Vendor: Fusionauth 2 Products
Fusionauth
Saml v2


Copyright 2024, cxsecurity.com

 

Back to Top