github.com/crewjam/saml is vulnerable to Denial of Service (DoS) attacks. The vulnerability is in the use of the flate.NewReader function, which does not limit the size of its input: users can pass more than 1 MB of data to the processing functions, which will be decompressed server-side. After the request is repeated a number of times, the application will reliably crash.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/crewjam/saml | le | v0.4.12 | |