High severity 7.5 · NVD Advisory · Published Mar 24, 2017 · Updated Jun 17, 2026
CVE-2016-10149
Description
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pysaml2 (PyPI) | < 4.5.0 | 4.5.0 |
Affected products
- ghsa-coords (3 versions): pkg:pypi/pysaml2, pkg:rpm/suse/python-defusedxml&distro=SUSE%20OpenStack%20Cloud%206, pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%206
- (no CPE) range: < 4.5.0
- (no CPE) range: < 0.4.1-2.1
- (no CPE) range: < 2.4.0-3.1
References
- www.openwall.com/lists/oss-security/2017/01/19/5 (nvd; Mailing List, Patch, Third Party Advisory; WEB)
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd; Issue Tracking, Patch, Third Party Advisory; WEB)
- github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b (nvd; Issue Tracking, Patch, Third Party Advisory; WEB)
- github.com/rohe/pysaml2/issues/366 (nvd; Issue Tracking, Patch, Third Party Advisory; WEB)
- github.com/rohe/pysaml2/pull/379 (nvd; Issue Tracking, Patch, Third Party Advisory; WEB)
- www.debian.org/security/2017/dsa-3759 (nvd; Third Party Advisory; WEB)
- github.com/advisories/GHSA-c2vx-49jm-h3f6 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-10149 (ghsa; ADVISORY)
- access.redhat.com/errata/RHSA-2017:0936 (nvd; WEB)
- access.redhat.com/errata/RHSA-2017:0937 (nvd; WEB)
- access.redhat.com/errata/RHSA-2017:0938 (nvd; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/pysaml2/PYSEC-2017-25.yaml (ghsa; WEB)
- www.securityfocus.com/bid/97692 (nvd)