Directory Security Advisories

Security Advisories

CGA-w29q-h459-6537

Published

Last updated

https://images.chainguard.dev/security/CGA-w29q-h459-6537

Package

kots

Latest Update

Not affected

Aliases

Severity

9.3

Critical

CVSS V3

Summary

Critical security issues in XML encoding in github.com/dexidp/dex

Description

Impact

The following vulnerabilities have been disclosed, which impact users leveraging the SAML connector:

Signature Validation Bypass (CVE-2020-15216): https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7

encoding/xml instabilities:

Patches

Immediately update to Dex v2.27.0.

Workarounds

There are no known workarounds.

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

© 2024 Chainguard. All Rights Reserved.

Product

Chainguard Images

Why Chainguard

Container Image Security Vulnerability Remediation Compliance and Risk Mitigation Software Supply Chain Security AI/ML Security

Customers

Customer Stories Chainguard Love

Company

About Us Pricing Open Source Careers Newsroom Legal

Resources

Unchained Blog Events Trust Center Documentation