Описание
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| shibboleth-sp | fixed | 3.2.1+dfsg1-1 | package | |
| shibboleth-sp2 | removed | package |
Примечания
https://shibboleth.net/community/advisories/secadv_20210317.txt
https://issues.shibboleth.net/jira/browse/SSPCPP-922
https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379
Связанные уязвимости
CVSS3: 5.3
ubuntu
почти 5 лет назад
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
CVSS3: 5.3
nvd
почти 5 лет назад
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
CVSS3: 5.3
github
больше 3 лет назад
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.