Medium severity4.8NVD Advisory· Published Apr 26, 2021· Updated Jun 17, 2026
CVE-2021-23365
CVE-2021-23365
Description
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/tyktechnologies/tyk-identity-brokerGo | < 1.1.1 | 1.1.1 |
Affected products
2- tyktechnologies/tyk-identity-brokerdescription
Patches
Vulnerability mechanics
References
7- github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0nvdPatchThird Party AdvisoryWEB
- github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0nvdPatchThird Party AdvisoryWEB
- github.com/TykTechnologies/tyk-identity-broker/pull/147nvdPatchThird Party AdvisoryWEB
- github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1nvdRelease NotesThird Party AdvisoryWEB
- github.com/advisories/GHSA-599h-8wpj-75xjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23365ghsaADVISORY
- snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720nvdThird Party AdvisoryWEB
News mentions
0No linked articles in our index yet.