Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
This issue was identified and responsibly reported by Sam Tinklenberg.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy