Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SimpleSAMLphp和simplesamlphp/saml2库安全漏洞
Vulnerability Description
SimpleSAMLphp是一套实现了SAML 2.0服务提供者和标识提供者功能的PHP身份验证应用程序。simplesamlphp/saml2 library是其中的一个用于实现SAML2的库。 SimpleSAMLphp和simplesamlphp/saml2库中的SAML2\Utils类的validateSignature方法存在安全漏洞。远程攻击者可利用该漏洞伪造SAML响应或造成拒绝服务(内存消耗)。以下版本受到影响:SimpleSAMLphp 1.14.10版本;simplesamlphp/s
CVSS Information
N/A
Vulnerability Type
N/A