RSS   Podatności dla 'Pythonsaml'   RSS

2019-04-17
 
CVE-2017-11427

CWE-287
 

 
OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

 

 >>> Vendor: Onelogin 3 Produkty
Ruby-saml
Pythonsaml
Onelogin saml sso


Copyright 2024, cxsecurity.com

 

Back to Top