mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-01 19:21:37 +00:00
44 lines
1.5 KiB
JSON
44 lines
1.5 KiB
JSON
{
|
|
"id": "CVE-2024-25718",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2024-02-11T05:15:08.463",
|
|
"lastModified": "2024-02-11T22:29:15.837",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En el paquete Samly anterior a 1.4.0 para Elixir, Samly.State.Store.get_assertion/3 puede devolver una sesi\u00f3n caducada, lo que interfiere con el control de acceso porque Samly.AuthHandler usa una sesi\u00f3n almacenada en cach\u00e9 y no la reemplaza, incluso despu\u00e9s de su vencimiento."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://diff.hex.pm/diff/samly/1.3.0..1.4.0",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/dropbox/samly",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/dropbox/samly/pull/13",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/dropbox/samly/pull/13/commits/812b5c3ad076dc9c9334c1a560c8e6470607d1eb",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/handnot2/samly",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://hex.pm/packages/samly",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |