CNNVD-202511-416 Information

CNNVD ID

CNNVD-202511-416

Related CVE

CVE-2025-47151

• CNNVD Published: 2025-11-05

Description (Chinese)

Entrouvert Lasso是法国Entrouvert开源的一个单点登录协议实现库。 Entrouvert Lasso 2.5.1版本和2.8.2版本存在安全漏洞，该漏洞源于lasso_node_impl_init_from_xml功能存在类型混淆，可能导致执行任意代码。

Description (English)

Entrouvert Lasso is a single point-entry protocol realization bank for the open source Entrouvert in France. There is a security loophole in Entrouvert Lasso 2.5.1 and 2.8.2, which stems from the typologies of lasso node impl init from xml, which may lead to the implementation of any code.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Entrouvert

Published

2025-11-05

Last Modified

2026-02-24

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2193

Patch

https://lasso.entrouvert.org/