GHSA-qwwj-qj3f-9hv7, CVE-2011-1411
maven/org.opensaml/opensaml
Improper Authentication
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
All versions starting from 2.4.0 before 2.4.3, all versions starting from 2.5.0 before 2.5.1
Upgrade to versions 2.4.3, 2.5.1 or above.
2022-07-26
source |