2024-02-11 07:00:28 +00:00
{
"id" : "CVE-2024-25718" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2024-02-11T05:15:08.463" ,
2024-02-11 23:00:28 +00:00
"lastModified" : "2024-02-11T22:29:15.837" ,
"vulnStatus" : "Awaiting Analysis" ,
2024-02-11 07:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "In the Samly package for Elixir before version 1.4.0, Samly.State.Store.get_assertion/3 can return an expired session. This interferes with access control because Samly.AuthHandler keeps using the cached session and does not replace it, even after the session has expired."
}
] ,
"metrics" : { } ,
"references" : [
{
"url" : "https://diff.hex.pm/diff/samly/1.3.0..1.4.0" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/dropbox/samly" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/dropbox/samly/pull/13" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/dropbox/samly/pull/13/commits/812b5c3ad076dc9c9334c1a560c8e6470607d1eb" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/handnot2/samly" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://hex.pm/packages/samly" ,
"source" : "cve@mitre.org"
}
]
}