samlr XML nodes comment attack
Published: July 31, 2019
SECURITY IDENTIFIERS
- CVE: CVE-2018-20857 (NVD)
- GHSA: GHSA-qpxp-5j56-gg3x
- Vendor Advisory: https://github.com/zendesk/samlr/pull/29
GEM
SEVERITY
CVSS v3.x: 7.5 (High)
PATCHED VERSIONS
>= 2.6.2
DESCRIPTION
Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!—->. and then the attacker's domain name.