CVE-2021-27736 – FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or …

Vuln ID: CVE-2021-27736

Published: 2021-04-22 14:15:09Z

Description: FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.

Source: NVD.NIST.GOV

 

