CVE-2025-27773: Saml Improper Reencoding Signature Bypass
Re-encoding parsed query parameters (like SAMLRequest or SAMLResponse) using urlencode() to reconstruct a query string for signature validation is unsafe. Framework query parsing (e.g., `getQueryParams()`) may drop duplicate parameters or decode values differently than they appear in the raw request. This can allow an attacker to bypass SAML signature valida
greprules fetch cve-2025-27773-saml-improper-reencoding-signature-bypass --engine opengrepDescription
Re-encoding parsed query parameters (like SAMLRequest or SAMLResponse) using urlencode() to reconstruct a query string for signature validation is unsafe. Framework query parsing (e.g., `getQueryParams()`) may drop duplicate parameters or decode values differently than they appear in the raw request. This can allow an attacker to bypass SAML signature valida
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.