Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用不兼容类型访问资源(类型混淆)
Vulnerability Title
Entrouvert Lasso 安全漏洞
Vulnerability Description
Entrouvert Lasso是法国Entrouvert开源的一个单点登录协议实现库。 Entrouvert Lasso 2.5.1版本和2.8.2版本存在安全漏洞,该漏洞源于lasso_node_impl_init_from_xml功能存在类型混淆,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A