Lishiki

**Name of the Vulnerable Software and Affected Versions** armeria-saml versions less than 1.27.2 **Description** A vulnerability has been identified, allowing the use of malicious SAML messages to bypass authentication. The SAML implementation provided by `armeria-saml` currently accepts unsigned SAML messages as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsigned SAML message should be rejected. **Recommendations** For armeria-saml versions less than 1.27.2, upgrade to 1.27.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of `armeria-saml` until a patch is applied. There is no known workaround for this vulnerability.