CVE-2019-3465: Improper Input Validation

November 7, 2019 (updated November 15, 2019)

XmlSecLibs performs incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.

References

simplesamlphp.org/security/201911-01

Detect and mitigate CVE-2019-3465 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →