Vulnerabilities > Fusionauth > Saml V2 > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-22 CVE-2021-27736 XXE vulnerability in Fusionauth Saml V2
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.
network
low complexity
fusionauth CWE-611
6.5
6.5