Shibboleth XMLTooling prior to 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
Vulnerable Product |
---|
shibboleth xmltooling |
debian debian linux 11.0 |
debian debian linux 12.0 |