XXE in esaml SAML library allows local file read and potential SSRF

XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using xmerl_scan:string/2 before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages. This issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled.

N/A

XML外部实体引用的不恰当限制(XXE)

esaml 安全漏洞

esaml是澳大利亚Lexi Wilson个人开发者的一个用于处理SAML认证的库，提供SAML服务提供者和身份提供者的功能。 esaml存在安全漏洞，该漏洞源于XML实体扩展未禁用，可能导致XML外部实体攻击，从而读取本地文件或执行服务端请求伪造。

N/A

N/A