libapache2-mod-auth-mellon, a SAML 2.0 authentication module for Apache, were reported to have the following vulnerabilities.
CVE-2019-13038
mod_auth_mellon had an Open Redirect via the login?ReturnTo= substring,
as demonstrated by omitting the // after http: in the target URL.
CVE-2021-3639
mod_auth_mellon did not sanitize logout URLs properly. This issue could
be used by an attacker to facilitate phishing attacks by tricking users
into visiting a trusted web application URL that redirects to an external
and potentially malicious server.
0.14.2-1+deb10u1