CVE-2021-23365

Summary

The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data).

Affected Software

VendorProductVersion RangeStatus
n/agithub.com/TykTechnologies/tyk-identity-brokerunspecified < 1.1.1affected

Weaknesses

  • Authentication Bypass

ADP Enrichment

CVE Program Container

Additional References

References