CVE-2017-12874: Improper Input Validation

September 1, 2017 (updated May 6, 2019)

The InfoCard module for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.

References

simplesamlphp.org/security/201612-03

Detect and mitigate CVE-2017-12874 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →