Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Tyk Subscribe
Filtered by product Tyk-identity-broker
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-23365 1 Tyk 1 Tyk-identity-broker 2021-05-19 5.5 MEDIUM 9.1 CRITICAL
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data).