Critical severity · NVD Advisory · Published Feb 11, 2024 · Updated Apr 24, 2025
CVE-2024-25718
Description
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Samly (Hex) | < 1.4.0 | 1.4.0 |
Affected products
- Samly/Samly (description)
References
- github.com/advisories/GHSA-h3rw-77w7-92gf (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-25718 (ghsa, ADVISORY)
- diff.hex.pm/diff/samly/1.3.0..1.4.0 (ghsa, WEB)
- github.com/dropbox/samly/commit/7637ebeef6c6b88ec2032f5323c32edcebbacbc6 (ghsa, WEB)
- github.com/dropbox/samly/pull/13 (ghsa, WEB)
- github.com/dropbox/samly/pull/13/commits/812b5c3ad076dc9c9334c1a560c8e6470607d1eb (ghsa, WEB)
- hex.pm/packages/samly (ghsa, WEB)