← Back

Saml V2

saml_v2

Vendor: Fusionauth • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-27736
1Fusionauth
1Saml V2
Nov 21, 2024
Apr 22, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.