CVE-2017-1000452: XPath Injection

January 2, 2018 (updated January 17, 2018)

An XML Signature Wrapping vulnerability exists in Samlify which could allow attackers to impersonate arbitrary users.

References

github.com/tngan/samlify/releases/tag/v2.3.0
nvd.nist.gov/vuln/detail/CVE-2017-1000452

Code Behaviors & Features

Detect and mitigate CVE-2017-1000452 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →