Описание
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.15.2-1 |
| cosmic | not-affected | 1.15.2-1 |
| devel | not-affected | 1.15.2-1 |
| disco | not-affected | 1.15.2-1 |
| eoan | not-affected | 1.15.2-1 |
| esm-apps/bionic | not-affected | 1.15.2-1 |
| esm-apps/focal | not-affected | 1.15.2-1 |
| esm-apps/jammy | not-affected | 1.15.2-1 |
| esm-apps/noble | not-affected | 1.15.2-1 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL ...
SimpleSAMLphp Use of insecure connection charset (sqlauth module)
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3