CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.

Published: Feb 26, 2024
Updated: Apr 30, 2025
CVE: CVE-2024-1735
GHSA: GHSA-4m6j-23p2-8c54
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-304

Affected Software
References

Software	From	Fixed in
com.linecorp.armeria / armeria-saml	-	1.27.2
linecorp / armeria	-	1.27.2

https://github.com/line/armeria/blob/0efc776988d71be4da6e506ec8a33c2b7b43f567/saml/src/main/java/com/linecorp/armeria/server/saml/SamlMessageUtil.java#L160-L163
https://github.com/line/armeria/commit/b2aa9f49b46a7b0e03d8b8d753809cd1e8e2016c
https://github.com/line/armeria/releases/tag/armeria-1.27.2
https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54

Vulnerability Database

CVE-2024-1735

Deep Security Visibility Without the Complexity