CVE-2021-27736

Published: 22/04/2021 Updated: 27/04/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

FusionAuth fusionauth-samlv2 prior to 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.
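As an added example (not FusionAuth's own code), the following shows a DocumentBuilderFactory configured to close the class of defect described above: an incoming AuthnRequest or LogoutRequest carrying a DOCTYPE or external entity is refused before a document is built. The class name, the helper and the sample input are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;

// Hypothetical helper (not FusionAuth's parseFromBytes): a DocumentBuilderFactory
// configured so a SAML message carrying a DOCTYPE or external entity is refused.
public final class HardenedSamlParser {
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // SAML protocol messages are namespaced XML
        // Primary control: a SAML AuthnRequest/LogoutRequest never needs a DOCTYPE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, in case the JAXP implementation ignores the feature above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parses SAML XML bytes; any DOCTYPE causes a SAXParseException instead of a Document.
    public static Document parseFromBytes(byte[] xml) throws Exception {
        DocumentBuilder builder = hardenedFactory().newDocumentBuilder();
        // Never let the parser fetch anything, even if a DOCTYPE slipped through.
        builder.setEntityResolver((publicId, systemId) -> {
            throw new SAXException("external entity resolution blocked: " + systemId);
        });
        return builder.parse(new ByteArrayInputStream(xml));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a request whose DOCTYPE declares an external entity.
        String forged = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE r [<!ENTITY ext SYSTEM \"file:///placeholder/path\">]>"
            + "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"&ext;\"/>";
        try {
            parseFromBytes(forged.getBytes(StandardCharsets.UTF_8));
            System.out.println("unexpected: forged request was parsed");
        } catch (SAXParseException e) {
            System.out.println("rejected as expected: " + e.getMessage());
        }
    }
}
```

Running the class prints the rejection message, because disallow-doctype-decl makes the parser fail on the DOCTYPE before the entity reference in the ID attribute is ever expanded.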

Vulnerable Product

fusionauth saml v2

Github Repositories

SAML2 Burp Extension

SAML Raider - SAML2 Burp Extension. Description: SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: manipulating SAML messages and managing X.509 certificates. This software was created by Roland Bischofberger and Emanuel Duss (@emanuelduss) during a bachelor thesis at the Hochschule für Technik Rapperswil (HSR). Our p

SAML v2.0 bindings in Java using JAXB

fusionauth-samlv2. This repository is SAML v2.0 bindings in Java using JAXB. You'd use this library to process SAML requests and responses. See the tests for example code. Security disclosures: If you find a vulnerability or other security-related bug, please send a note to security@fusionauth.io before opening a GitHub issue. This will allow us to assess the disclosure and