VYPR

Hex (Elixir) package

samly

pkg:hex/samly

Vulnerabilities (1)

  • CVE-2024-25718Feb 11, 2024
    affected < 1.4.0fixed 1.4.0

    In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.