Signature Validation Bypass Affecting github.com/dexidp/dex/connector/saml package, versions >=2.1.0 <2.27.0
4 Jan 2021
29 Dec 2020
Juho Nurminen, Eric Chiang, Stephen Augustus, Márk Sági-Kazár
How to fix?
Upgrade github.com/dexidp/dex/connector/saml to version 2.27.0 or higher.
Affected versions of this package are vulnerable to Signature Validation Bypass. Disclosures of a few vulnerabilities impact users leveraging the SAML connector.