

Users should upgrade to node-saml version 4.0.0-beta5 or newer. Depending on the IDP used, fully unauthenticated attacks (e.g. without access to a valid user) might also be feasible if generation of a signed message can be triggered.

A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. Node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. As a workaround, please use one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`, or reject a document that has more than 1 `childNode`. Exploitation of this issue does not require user interaction.

A vulnerability has been identified in Polarion ALM (All versions =0.9.0-beta.4 (dist-tag next). An attacker with low privileges can trigger a specially crafted script to achieve a security feature bypass. Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed.

An issue was discovered in libxml2 before 2.10.4. Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier.

Shenzhen Tenda Technology IP Camera CP3 V11.041355 allows unauthenticated remote code execution via an XML document. There are no known workarounds apart from upgrading to a version including the fix. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid ` are removed in all attribute names. XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation. FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c.
