Red Hat Security Advisory 2021-4325-03 - The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.
f90a0a4d41208b10bdd96bd2a864d8d4541716e4851ad1f5914016c6a353984c
Red Hat Security Advisory 2021-2989-01 - The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.
72a844e3eb1105fa18f0cede61296be4ff9d37cf95a64005be09bafcae42b026
Debian Linux Security Advisory 4926-1 - It was discovered that lasso, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control.
08b4234df9f67ce6f83c65e4a968d07d2850e3fecb674a809062330aa85eaef6
Ubuntu Security Notice 4974-1 - It was discovered that Lasso did not properly verify that all assertions in a SAML response were properly signed. An attacker could possibly use this to impersonate users or otherwise bypass access controls.
5bd381aee01d0b34cf8fd35cd96dbb180bc45c98dd746b222bb1b2c3743a2a77