rpm package
almalinux/lasso-devel
pkg:rpm/almalinux/lasso-devel
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47151 | — | < 2.7.0-11.el9_7.3 | 2.7.0-11.el9_7.3 | Nov 5, 2025 | A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerabili | ||
| CVE-2021-28091 | Hig | 7.5 | < 2.6.0-12.el8 | 2.6.0-12.el8 | Jun 4, 2021 | Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. |
- CVE-2025-47151Nov 5, 2025affected < 2.7.0-11.el9_7.3fixed 2.7.0-11.el9_7.3
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerabili
- affected < 2.6.0-12.el8fixed 2.6.0-12.el8
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.