High severity7.5NVD Advisory· Published Jul 24, 2018· Updated Jun 17, 2026
CVE-2018-5387
CVE-2018-5387
Description
Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gogentooss/samlbasePackagist | < 1.2.7 | 1.2.7 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/GoGentoOSS/SAMLBase/commit/482cdf8c090e0f1179073034ebcb609ac7c3f5b3nvdPatchThird Party AdvisoryWEB
- github.com/GoGentoOSS/SAMLBase/issues/3nvdIssue TrackingPatchThird Party AdvisoryWEB
- duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementationsnvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-7gh2-8q93-87hpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-5387ghsaADVISORY
- www.kb.cert.org/vuls/id/475445nvdThird Party AdvisoryUS Government ResourceWEB
News mentions
0No linked articles in our index yet.