-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix XSS via missing Binding syntax validation #34
Conversation
add support for sha1 & sha512 add tests use query sign in redirect implement review feedback - Return error if signature is unsupported - wrap errors Co-authored-by: Ieva <[email protected]> Co-authored-by: Orgad Shaneh <[email protected]>
(cherry picked from commit b07b16c)
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your contribution! Can you please accept the CLA so that we can merge this PR? More information is in this message: #34 (comment)
I did accept the CLA but the check seems not to work for me. |
Hi @witekest, thank you for your contribution and for opening the PR. After some consideration we decided to sync with the Thanks again! 🙇 |
Thanks as well |
Cross-site Scripting via missing Binding syntax validation vulnerability has been reported for the package github.com/crewjam/saml
https://nvd.nist.gov/vuln/detail/CVE-2023-45683
The vulnerability has been fixed upstream in the version 0.4.14 of the package.
GHSA-267v-3v32-g6q5
Grafana maintains own fork of the package in this repository. This pull request includes the cherry-pick from the upstream repository.
(cherry picked from commit crewjam/saml@b07b16c)