Fusionauth: >> Saml V2 >> 0.3.3 Security Vulnerabilities
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-04-22