Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XML Signature Bypass via differential XML parsing in ssoready
Vulnerability Description
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability.
CVSS Information
N/A
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
SSOReady 数据伪造问题漏洞
Vulnerability Description
SSOReady是SSOReady开源的一个企业 SSO 的开源开发工具。 SSOReady存在数据伪造问题漏洞,该漏洞源于受影响的版本容易受到 XML 签名绕过攻击。
CVSS Information
N/A
Vulnerability Type
N/A