CVE-2024-25718

Published: Feb 11, 2024

Modified: Apr 24, 2025

PUBLISHED

Description

In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://hex.pm/packages/samly

https://github.com/handnot2/samly

https://github.com/dropbox/samly

https://diff.hex.pm/diff/samly/1.3.0..1.4.0

https://github.com/dropbox/samly/pull/13

https://github.com/dropbox/samly/pull/13/commits/812b5c3ad076dc9c9334c1a560c8e6470607d1eb

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-25718

Description

Affected Products

References