OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: duo
Published: 2019-04-17T13:59:19
Updated: 2024-08-05T18:12:39.492Z
Reserved: 2017-07-18T00:00:00
Link: CVE-2017-11427
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-17T14:29:00.247
Modified: 2024-11-21T03:07:46.187
Link: CVE-2017-11427
Redhat
No data.