CVE-2018-5387

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
5
MEDIUM
Affected
1
PROJECT

Description

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

GoGentoOSS/SAMLBase
GoGentoOSS/SAMLBaseUNAVAILABLE
Single Sign-On Support using SAML as protocol within PHP. Separate codebases will be built on top of this library
GitHubGitHub