org.springframework.security:spring-security-saml2-service-provider@5.3.0.RELEASE vulnerabilities
- latest version: 6.2.4
- latest non vulnerable version
- first published: 5 years ago
- latest version published: a month ago
- licenses detected
  - [5.2.0.RELEASE,)
- package manager

Direct Vulnerabilities
Known vulnerabilities in the org.springframework.security:spring-security-saml2-service-provider package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Authentication Bypass. A malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid. How to fix Authentication Bypass? Upgrade | [5.3.0.RELEASE,5.3.2.RELEASE); [5.2.0.RELEASE,5.2.4.RELEASE) |