VYPR

FusionAuth

by FusionAuth

CVEs (3)

  • CVE-2020-12676CriOct 2, 2020
    risk 0.59cvss 9.1epss 0.03

    FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".

  • CVE-2020-7799HigJan 28, 2020
    risk 0.48cvss 7.2epss 0.20

    An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing…

  • CVE-2021-27736MedApr 22, 2021
    risk 0.00cvss 6.5epss 0.01

    FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.