Vulnerability CVE-2023-36661
Published: 2023-06-25   Modified: 2023-06-26

Description:
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)

 References:
https://shibboleth.net/community/advisories/secadv_20230612.txt
Copyright 2026, cxsecurity.com

 

Back to Top