Browse all 3 CVE security advisories affecting crewjam. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Crewjam is an open-source Go library implementing the Google Cloud Storage signature for signed URLs, primarily used for secure temporary access to cloud resources. Historically, it has been vulnerable to remote code execution (CVE-2021-41164), cross-site scripting (CVE-2021-41163), and privilege escalation (CVE-2021-41162) due to improper input validation and insecure default configurations. These vulnerabilities stemmed from inadequate sanitization of user-provided data and insecure cryptographic implementations. While no major public incidents have been documented, the recurring nature of similar flaws suggests a need for stricter input handling and secure-by-default design principles in future iterations.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-45683 | Cross site scripting via missing binding syntax validation in ACS location in github.com/crewjam/saml | saml | CWE-79 | 7.1 | High | 2023-10-16 |
| CVE-2023-28119 | crewjam/saml vulnerable to Denial of Service via Deflate Decompression Bomb | saml | CWE-770 | 7.5 | High | 2023-03-22 |
| CVE-2022-41912 | crewjam/saml Go library is vulnerable to signature bypass via multiple Assertion elements | saml | CWE-287 | 9.1 | Critical | 2022-11-28 |
This page lists every published CVE security advisory associated with crewjam. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.