VYPR

SAML

by Crewjam

CVEs (4)

  • CVE-2025-40758 | High | Aug 14, 2025
    risk 0.57 | cvss 8.7 | epss 0.00

    A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently…

  • CVE-2022-41912 | Critical | Nov 28, 2022
    risk 0.52 | cvss 9.1 | epss 0.02

    The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.

  • CVE-2023-28119 | High | Mar 22, 2023
    risk 0.42 | cvss 7.5 | epss 0.01

    The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing…

  • CVE-2023-45683 | High | Oct 16, 2023
    risk 0.39 | cvss 7.1 | epss 0.00

    github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject…