Search

Find a vulnerability

Search criteria

    5 vulnerabilities by clever

    VAR-201904-1492

    Vulnerability from variot - Updated: 2024-11-23 22:21

    Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. Duo Network Gateway Contains an authentication vulnerability.Information may be tampered with. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Duo Network Gateway (DNG) is an access control software developed by Duo Corporation in the United States for accessing internal web applications. An authentication bypass vulnerability exists in versions prior to DNG 1.2.10

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1492",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "duo network gateway",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "cisco",
            "version": "1.2.9"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "clever",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "duo security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "omniauth",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "onelogin",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "pulse secure",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "shibboleth consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wizkunde b v",
            "version": null
          },
          {
            "model": "network gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "duo",
            "version": "1.2.6"
          },
          {
            "model": "network gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "duo",
            "version": "1.2.5"
          },
          {
            "model": "network gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "duo",
            "version": "1.2.4"
          },
          {
            "model": "network gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "duo",
            "version": "1.2.3"
          },
          {
            "model": "network gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "duo",
            "version": "1.2.2"
          },
          {
            "model": "network gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "duo",
            "version": "1.2.1"
          },
          {
            "model": "network gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "duo",
            "version": "1.1"
          },
          {
            "model": "network gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "duo",
            "version": "1.0"
          },
          {
            "model": "network gateway",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "duo",
            "version": "1.2.10"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#475445"
          },
          {
            "db": "BID",
            "id": "103178"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015272"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7340"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:cisco:duo_network_gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015272"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kelby Ludwig of Duo Security",
        "sources": [
          {
            "db": "BID",
            "id": "103178"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-103"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2018-7340",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-7340",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-137372",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-7340",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "security@duo.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2018-7340",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-7340",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7340",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security@duo.com",
                "id": "CVE-2018-7340",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7340",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-103",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137372",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7340"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7340"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. Duo Network Gateway Contains an authentication vulnerability.Information may be tampered with. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Duo Network Gateway (DNG) is an access control software developed by Duo Corporation in the United States for accessing internal web applications. An authentication bypass vulnerability exists in versions prior to DNG 1.2.10",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7340"
          },
          {
            "db": "CERT/CC",
            "id": "VU#475445"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015272"
          },
          {
            "db": "BID",
            "id": "103178"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137372"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#475445",
            "trust": 3.3
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7340",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015272",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-103",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "103178",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-137372",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#475445"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137372"
          },
          {
            "db": "BID",
            "id": "103178"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7340"
          }
        ]
      },
      "id": "VAR-201904-1492",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137372"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:21:42.558000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Duo Finds SAML Vulnerabilities Affecting Multiple Implementations",
            "trust": 0.8,
            "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
          },
          {
            "title": "Duo Network Gateway Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78891"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-103"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-347",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015272"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7340"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
          },
          {
            "trust": 1.7,
            "url": "https://www.kb.cert.org/vuls/id/475445"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7340"
          },
          {
            "trust": 1.1,
            "url": "https://duo.com/labs/psa/duo-psa-2017-003"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.8,
            "url": "https://shibboleth.net/community/advisories/secadv_20180227.txt"
          },
          {
            "trust": 0.8,
            "url": "https://community.box.com/t5/box-product-news/recently-reported-saml-vulnerabilities-what-you-need-to-know-as/ba-p/52403"
          },
          {
            "trust": 0.8,
            "url": "https://www.okta.com/blog/2018/02/what-you-need-to-know-about-saml-vulnerability-research/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cloudfoundry.org/blog/vu475445"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/crewjam/saml/pull/140"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7340"
          },
          {
            "trust": 0.8,
            "url": "https://www.kb.cert.org/vuls/id/475445/"
          },
          {
            "trust": 0.3,
            "url": "https://duo.com"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#475445"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137372"
          },
          {
            "db": "BID",
            "id": "103178"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7340"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#475445"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137372"
          },
          {
            "db": "BID",
            "id": "103178"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7340"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-27T00:00:00",
            "db": "CERT/CC",
            "id": "VU#475445"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137372"
          },
          {
            "date": "2018-02-27T00:00:00",
            "db": "BID",
            "id": "103178"
          },
          {
            "date": "2019-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015272"
          },
          {
            "date": "2018-03-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-103"
          },
          {
            "date": "2019-04-17T15:29:00.640000",
            "db": "NVD",
            "id": "CVE-2018-7340"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-05T00:00:00",
            "db": "CERT/CC",
            "id": "VU#475445"
          },
          {
            "date": "2020-10-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137372"
          },
          {
            "date": "2018-02-27T00:00:00",
            "db": "BID",
            "id": "103178"
          },
          {
            "date": "2019-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015272"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-103"
          },
          {
            "date": "2024-11-21T04:12:03.410000",
            "db": "NVD",
            "id": "CVE-2018-7340"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-103"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#475445"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "data forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-103"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2022-31106 (GCVE-0-2022-31106)

    Vulnerability from nvd – Published: 2022-06-28 17:30 – Updated: 2025-04-22 17:53
    VLAI
    Title
    Prototype Pollution in underscore.deep
    Summary
    Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
    • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Clever underscore.deep Affected: < 0.5.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:11:39.316Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/Clever/underscore.deep/security/advisories/GHSA-8j79-hfj5-f2xm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Clever/underscore.deep/commit/b5e109ad05b48371be225fa4d490dd08a94e8ef7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31106",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T15:40:37.227550Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T17:53:07.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "underscore.deep",
              "vendor": "Clever",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-915",
                  "description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-1321",
                  "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T17:30:14.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Clever/underscore.deep/security/advisories/GHSA-8j79-hfj5-f2xm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Clever/underscore.deep/commit/b5e109ad05b48371be225fa4d490dd08a94e8ef7"
            }
          ],
          "source": {
            "advisory": "GHSA-8j79-hfj5-f2xm",
            "discovery": "UNKNOWN"
          },
          "title": "Prototype Pollution in underscore.deep",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2022-31106",
              "STATE": "PUBLIC",
              "TITLE": "Prototype Pollution in underscore.deep"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "underscore.deep",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 0.5.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Clever"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Clever/underscore.deep/security/advisories/GHSA-8j79-hfj5-f2xm",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/Clever/underscore.deep/security/advisories/GHSA-8j79-hfj5-f2xm"
                },
                {
                  "name": "https://github.com/Clever/underscore.deep/commit/b5e109ad05b48371be225fa4d490dd08a94e8ef7",
                  "refsource": "MISC",
                  "url": "https://github.com/Clever/underscore.deep/commit/b5e109ad05b48371be225fa4d490dd08a94e8ef7"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-8j79-hfj5-f2xm",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-31106",
        "datePublished": "2022-06-28T17:30:14.000Z",
        "dateReserved": "2022-05-18T00:00:00.000Z",
        "dateUpdated": "2025-04-22T17:53:07.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11429 (GCVE-0-2017-11429)

    Vulnerability from nvd – Published: 2019-04-17 14:00 – Updated: 2024-08-05 18:12
    VLAI
    Title
    Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
    Summary
    Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    duo
    References
    Impacted products
    Vendor Product Version
    Clever saml2-js Affected: unspecified , < 1.0 (custom)
    Affected: unspecified , < 2.0 (custom)
    Create a notification for this product.
    Credits
    Kelby Ludwig of Duo Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:39.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/475445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "saml2-js",
              "vendor": "Clever",
              "versions": [
                {
                  "lessThan": "1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kelby Ludwig of Duo Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T14:00:08.000Z",
            "orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
            "shortName": "duo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/475445"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@duo.com",
              "ID": "CVE-2017-11429",
              "STATE": "PUBLIC",
              "TITLE": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "saml2-js",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.0"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Clever"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Kelby Ludwig of Duo Security"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
                  "refsource": "MISC",
                  "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
                },
                {
                  "name": "https://www.kb.cert.org/vuls/id/475445",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/475445"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
        "assignerShortName": "duo",
        "cveId": "CVE-2017-11429",
        "datePublished": "2019-04-17T14:00:08.000Z",
        "dateReserved": "2017-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:39.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31106 (GCVE-0-2022-31106)

    Vulnerability from cvelistv5 – Published: 2022-06-28 17:30 – Updated: 2025-04-22 17:53
    VLAI
    Title
    Prototype Pollution in underscore.deep
    Summary
    Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
    • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Clever underscore.deep Affected: < 0.5.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:11:39.316Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/Clever/underscore.deep/security/advisories/GHSA-8j79-hfj5-f2xm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Clever/underscore.deep/commit/b5e109ad05b48371be225fa4d490dd08a94e8ef7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31106",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T15:40:37.227550Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T17:53:07.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "underscore.deep",
              "vendor": "Clever",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-915",
                  "description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-1321",
                  "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T17:30:14.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Clever/underscore.deep/security/advisories/GHSA-8j79-hfj5-f2xm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Clever/underscore.deep/commit/b5e109ad05b48371be225fa4d490dd08a94e8ef7"
            }
          ],
          "source": {
            "advisory": "GHSA-8j79-hfj5-f2xm",
            "discovery": "UNKNOWN"
          },
          "title": "Prototype Pollution in underscore.deep",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2022-31106",
              "STATE": "PUBLIC",
              "TITLE": "Prototype Pollution in underscore.deep"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "underscore.deep",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 0.5.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Clever"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Clever/underscore.deep/security/advisories/GHSA-8j79-hfj5-f2xm",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/Clever/underscore.deep/security/advisories/GHSA-8j79-hfj5-f2xm"
                },
                {
                  "name": "https://github.com/Clever/underscore.deep/commit/b5e109ad05b48371be225fa4d490dd08a94e8ef7",
                  "refsource": "MISC",
                  "url": "https://github.com/Clever/underscore.deep/commit/b5e109ad05b48371be225fa4d490dd08a94e8ef7"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-8j79-hfj5-f2xm",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-31106",
        "datePublished": "2022-06-28T17:30:14.000Z",
        "dateReserved": "2022-05-18T00:00:00.000Z",
        "dateUpdated": "2025-04-22T17:53:07.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11429 (GCVE-0-2017-11429)

    Vulnerability from cvelistv5 – Published: 2019-04-17 14:00 – Updated: 2024-08-05 18:12
    VLAI
    Title
    Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
    Summary
    Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    duo
    References
    Impacted products
    Vendor Product Version
    Clever saml2-js Affected: unspecified , < 1.0 (custom)
    Affected: unspecified , < 2.0 (custom)
    Create a notification for this product.
    Credits
    Kelby Ludwig of Duo Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:39.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/475445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "saml2-js",
              "vendor": "Clever",
              "versions": [
                {
                  "lessThan": "1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kelby Ludwig of Duo Security"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T14:00:08.000Z",
            "orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
            "shortName": "duo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/475445"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@duo.com",
              "ID": "CVE-2017-11429",
              "STATE": "PUBLIC",
              "TITLE": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "saml2-js",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.0"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Clever"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Kelby Ludwig of Duo Security"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
                  "refsource": "MISC",
                  "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
                },
                {
                  "name": "https://www.kb.cert.org/vuls/id/475445",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/475445"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
        "assignerShortName": "duo",
        "cveId": "CVE-2017-11429",
        "datePublished": "2019-04-17T14:00:08.000Z",
        "dateReserved": "2017-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:39.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }