Amazon Linux AMI Security Advisory: ALAS-2021-1529
Advisory Release Date: 2021-09-02 22:54 Pacific
Advisory Updated Date: 2021-09-08 19:16 Pacific
An XML Signature Wrapping (XSW) vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2021-28091)
Run yum update lasso to update your system.