Sustainsys.Saml2
NuGet | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting Sustainsys.Saml2
- CVE-2020-5261 | HIGH | CVSS 8.2 | EG 8.2 | ✓ Fixed in 2.5.0 | 2020-03-25
vulnerable: 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measu…
- CVE-2020-5268 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.7.0 | 2020-04-21
vulnerable: 2.0.0 ... 2.6.0 (7 versions)
In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a …
- CVE-2023-41890 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.9.2 | 2023-09-19
vulnerable: 2.0.0 ... 2.9.1 (11 versions)
Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not suffi…