com.linecorp.armeria:armeria-saml@1.9.2 vulnerabilities

  • latest version

    1.31.3

  • latest non vulnerable version

  • first published

    6 years ago

  • latest version published

    1 month ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the com.linecorp.armeria:armeria-saml package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    Missing Critical Step in Authentication

    Affected versions of this package are vulnerable to Missing Critical Step in Authentication due to the improper filtering of SAML messages. An attacker can bypass authentication measures by crafting malicious SAML messages.

    Note:

    This vulnerability is only present when the binding protocol is HTTP POST. An unsigned SAML message is rejected as expected when the binding protocol is HTTP redirect.

    How to fix Missing Critical Step in Authentication?

    Upgrade com.linecorp.armeria:armeria-saml to version 1.27.2 or higher.

    Vulnerable versions: [,1.27.2)