Fusionauth

fusionauth

4 CVEs • 3 products

Products (3)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-45921 1Fusionauth 1Fusionauth Apr 28, 2025 Nov 28, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running th...Show more FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.Show less
CVE-2021-27736 1Fusionauth 1Saml V2 Nov 21, 2024 Apr 22, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.
CVE-2020-12676 1Fusionauth 1Samlv2 Nov 21, 2024 Oct 2, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".
CVE-2020-7799 1Fusionauth 1Fusionauth Nov 21, 2024 Jan 28, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the under...Show more An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.Show less