Skip to content

Auth bypass in SAML provider

Critical
mraerino published GHSA-433w-mm6h-rv9p Dec 14, 2020

Package

github.com/netlify/gotrue (Golang)

Affected versions

< v1.0.0

Patched versions

v1.0.0

Description

Impact

The following vulnerabilities have been disclosed, which impact users leveraging the SAML auth provider:

Patches

Patch available

Please upgrade to v1.0.0 or commit hash a2b4dd6bc4ef7562d1df044098b303f564eefa90

Workarounds

No known workarounds.

For more information

If you have any questions or comments about this advisory:

Severity

Critical

CVE ID

No known CVE

Weaknesses

No CWEs

Credits