Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name.
References
Link | Resource |
---|---|
https://github.com/zendesk/samlr/compare/v2.6.1...v2.6.2 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-26T11:41:03
Updated: 2019-07-26T11:41:03
Reserved: 2019-07-26T00:00:00
Link: CVE-2018-20857
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-26T12:15:11.400
Modified: 2019-08-01T16:59:06.440
Link: CVE-2018-20857
JSON object: View
Redhat Information
No data.
CWE