Vulnerabilities (CVE)

Filtered by vendor Fusionauth Subscribe
Filtered by product Saml V2
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27736 1 Fusionauth 1 Saml V2 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.