Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with [email protected] followed by <!---->. and then the attacker's domain name.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/zendesk/samlr/compare/v2.6.1...v2.6.2 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-26T11:41:03
Updated: 2024-08-05T12:12:29.361Z
Reserved: 2019-07-26T00:00:00
Link: CVE-2018-20857
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-07-26T12:15:11.400
Modified: 2024-11-21T04:02:19.603
Link: CVE-2018-20857
Redhat
No data.