CNNVD-202511-419 Information

CNNVD ID

CNNVD-202511-419

CVE-2025-46404

  • CNNVD Published: 2025-11-05

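Description (translated from Chinese)

Entrouvert Lasso is an open-source library from the French company Entrouvert that implements single sign-on protocols. Entrouvert Lasso version 2.5.1 contains a security vulnerability caused by improper handling of specially crafted SAML responses in the lasso_provider_verify_saml_signature function, which may lead to denial of service.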

Description (English)

Entrouvert Lasso is an open-source single sign-on protocol implementation library from Entrouvert in France. Version 2.5.1 of Entrouvert Lasso has a security vulnerability that stems from the lasso_provider_verify_saml_signature function improperly handling specially crafted SAML responses, which may lead to denial of service.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Entrouvert

Published

2025-11-05

Last Modified

2026-02-24

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2194

https://vigilance.fr/vulnerability/Lasso-denial-of-service-via-lasso-provider-verify-saml-signature-48743

Patch

https://lasso.entrouvert.org/
