Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
Vulnerability Description
The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Crewjam Saml 安全漏洞
Vulnerability Description
Crewjam Saml是Crewjam个人开发者的一个基于Go语言实现的可与Saml格式文件进行交互的代码库。 Crewjam Saml 0.4.13之前版本存在安全漏洞,该漏洞源于没有对flate.NewReader限制输入的大小。
CVSS Information
N/A
Vulnerability Type
N/A