📦 Lasso
by Entrouvert
🔍 What is Lasso?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
A type confusion vulnerability in Entr'ouvert Lasso's SAML parsing allows remote code execution when processing malicious SAML responses. This affects systems using Lasso 2.5.1 and 2.8.2 for SAML auth...
A denial-of-service vulnerability in Entr'ouvert Lasso's SAML processing allows attackers to crash the service by sending specially crafted SAML responses. This affects systems using Lasso 2.5.1 for S...
A denial of service vulnerability in Entr'ouvert Lasso's g_assert_not_reached function allows attackers to crash applications by sending specially crafted SAML assertion responses. This affects system...
A denial of service vulnerability in Entr'ouvert Lasso's SAML signature verification allows attackers to crash the service by sending specially crafted SAML responses. This affects systems using Lasso...
CVE-2021-28091 is a signature verification bypass vulnerability in Lasso, an open-source library for SAML authentication. Attackers can forge SAML assertions without valid cryptographic signatures, po...