Spring Security versions 5.2.x prior to 5.2.4 Improper Verification of Cryptographic Signature Vulnerability
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation.
The information has been provided by Sam Tinklenberg
The original article can be found at:https://tanzu.vmware.com/security/cve-2020-5407
When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
Spring Security versions 5.2.x prior to 5.2.4
Spring Security versions 5.3.x prior to 5.3.2