First published: Sun Feb 11 2024
In the Samly package before 1.4.0 for Elixir, `Samly.State.Store.get_assertion/3` can return an expired session, which interferes with access control because `Samly.AuthHandler` uses a cached session and does not replace it, even after expiry.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| erlang/Samly | <1.4.0 | 1.4.0 |
| Dropbox Samly Elixir | <1.4.0 | |
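
An added example, not Samly's code and not its 1.4.0 patch: a constructed Elixir model of the flaw described above, with a store lookup that ignores expiry next to one that treats an expired entry as absent and evicts it. The module `SessionGate`, its functions, the store layout and the `not_on_or_after` field are hypothetical names chosen for illustration.

```elixir
# Constructed model, not Samly's code. All names here are hypothetical.
defmodule SessionGate do
  # Flawed lookup: expiry is never consulted, so a stale entry is returned
  # as if it were a live session.
  def get_unchecked(store, key), do: Map.get(store, key)

  # Hardened lookup: an entry at or past its expiry is treated as absent.
  def get_checked(store, key, now) do
    case Map.get(store, key) do
      %{not_on_or_after: expiry} = assertion ->
        if DateTime.compare(now, expiry) == :lt, do: assertion, else: nil

      _ ->
        nil
    end
  end

  # Handler-side decision: never keep serving a cached entry after expiry.
  # Returns {:ok, assertion} or {:reauthenticate, store_with_entry_evicted}.
  def authorize(store, key, now) do
    case get_checked(store, key, now) do
      nil -> {:reauthenticate, Map.delete(store, key)}
      assertion -> {:ok, assertion}
    end
  end
end

# Constructed sample data: one expired and one live assertion.
now = DateTime.utc_now()

store = %{
  "key-expired" => %{subject: "alice@example.test", not_on_or_after: DateTime.add(now, -3600, :second)},
  "key-live" => %{subject: "bob@example.test", not_on_or_after: DateTime.add(now, 3600, :second)}
}

IO.inspect(SessionGate.get_unchecked(store, "key-expired"), label: "unchecked lookup")
IO.inspect(SessionGate.authorize(store, "key-expired", now), label: "expired entry")
IO.inspect(SessionGate.authorize(store, "key-live", now), label: "live entry")
```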