Closed karelmaxa closed 1 year ago
This PR introduces XML escaping of the SAML response attribute inResponseTo to resolve the security vulnerability published as CVE-2021-37154.
I was able to reproduce the exploit using the current version built with JDK 17.
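The class of fix described above, as an added example that is not code from this PR or the project: a request ID echoed into an InResponseTo attribute by string concatenation, parsed with and without escaping. The class name, helper names, the simplified un-namespaced Response element and the sample ID are all assumptions made for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class InResponseToEscaping {
    // Hypothetical helper: escape the five XML-significant characters
    // so the value cannot terminate the attribute or open new markup.
    static String escapeAttr(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&apos;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Simplified stand-in for a response built by string concatenation.
    static String response(String inResponseTo, boolean escape) {
        String v = escape ? escapeAttr(inResponseTo) : inResponseTo;
        return "<Response ID=\"r1\" InResponseTo=\"" + v + "\"/>";
    }

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE declarations while parsing the sample documents.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml))).getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        String requestId = "id-1\" Injected=\"x"; // constructed sample value
        Element raw = parse(response(requestId, false));
        Element esc = parse(response(requestId, true));
        // Unescaped: the value splits into an extra attribute on the element.
        System.out.println("unescaped attrs=" + raw.getAttributes().getLength());
        // Escaped: attribute count is unchanged and the value round-trips intact.
        System.out.println("escaped attrs=" + esc.getAttributes().getLength()
                + " roundTrip=" + requestId.equals(esc.getAttribute("InResponseTo")));
    }
}
```

A regression test for this kind of change can assert the same two properties: the attribute count of the generated element does not depend on the request ID, and the parsed InResponseTo equals the original ID byte for byte.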