CVE-2019-3465: Improper Input Validation

November 7, 2019 (updated November 15, 2019)

Rob Richards XmlSecLibs, as used for example by SimpleSAMLphp, performs incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.

References

nvd.nist.gov/vuln/detail/CVE-2019-3465
seclists.org/bugtraq/2019/Nov/8

Code Behaviors & Features

Detect and mitigate CVE-2019-3465 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →