Description
SimpleSAMLphp Use of insecure connection charset (sqlauth module)
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
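The following added example (not SimpleSAMLphp code) shows two defensive checks for the issue described above: auditing a PDO-style MySQL DSN for its `charset` option, and flagging input that contains four-byte UTF-8 characters. The function names, DSNs and sample strings are constructed for illustration, and the truncation function is a simplified model of the behaviour the description states, not MySQL's implementation.

```python
"""Defensive checks for the three-byte MySQL utf8 charset issue (added example)."""
from typing import List, Optional


def four_byte_positions(value: str) -> List[int]:
    """Indexes of code points outside the BMP; these need 4 bytes in UTF-8."""
    return [i for i, ch in enumerate(value) if ord(ch) > 0xFFFF]


def model_utf8_truncation(value: str) -> str:
    """Simplified model (assumption): cut the value at the first
    four-byte character, as the description says the utf8 charset does."""
    pos = four_byte_positions(value)
    return value[:pos[0]] if pos else value


def dsn_charset(dsn: str) -> Optional[str]:
    """Return the charset= option of a PDO-style MySQL DSN, or None."""
    driver, _, rest = dsn.partition(":")
    if driver.lower() != "mysql":
        return None
    for part in rest.split(";"):
        key, _, val = part.partition("=")
        if key.strip().lower() == "charset":
            return val.strip().lower()
    return None


def audit_dsn(dsn: str) -> str:
    """Classify a DSN: only utf8mb4 stores four-byte characters intact."""
    if not dsn.lower().startswith("mysql:"):
        return "not-mysql"
    charset = dsn_charset(dsn)
    if charset is None:
        return "charset-unspecified"
    if charset == "utf8mb4":
        return "ok"
    if charset in ("utf8", "utf8mb3"):
        return "three-byte-charset"
    return "review"


def accept_identifier(value: str) -> bool:
    """Reject input that a three-byte charset could not store intact."""
    return not four_byte_positions(value)


if __name__ == "__main__":
    sample = "alice\U0001F600x"  # constructed input with one four-byte character
    print(audit_dsn("mysql:host=db.example.test;dbname=users;charset=utf8"))
    print(repr(model_utf8_truncation(sample)), accept_identifier(sample))
```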
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-6521
- https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6521.yaml
- https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html
- https://simplesamlphp.org/security/201801-03
- https://www.debian.org/security/2018/dsa-4127
Packages
simplesamlphp/simplesamlphp: affected < 1.15.2, fixed in 1.15.2