Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

LLM-synthesized narrative grounded in this CVE's description and references.

Versions sourced from the GitHub Security Advisory.

• ghsa-coords8 versions

  pkg:pypi/python-samlpkg:rpm/opensuse/python-python3-saml&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-defusedxml&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/python-freezegun&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/python-isodate&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/python-pkgconfig&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/python-python3-saml&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/python-xmlsec&distro=SUSE%20Enterprise%20Storage%206

  < 2.4.0+ 7 more

  • (no CPE)range: < 2.4.0
  • (no CPE)range: < 1.15.0-2.3
  • (no CPE)range: < 0.6.0-1.5.1
  • (no CPE)range: < 0.3.12-1.5.1
  • (no CPE)range: < 0.6.0-1.3.2
  • (no CPE)range: < 1.5.1-1.5.1
  • (no CPE)range: < 1.9.0-1.5.2
  • (no CPE)range: < 1.3.6-1.5.1
• Onelogin/PythonSAMLcpe-rescue

  Range: unspecified

• github.com/advisories/GHSA-j8j8-348v-wfm3ghsaADVISORY
• nvd.nist.gov/vuln/detail/CVE-2017-11427ghsaADVISORY
• duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementationsghsax_refsource_MISCWEB
• github.com/SAML-Toolkits/python-saml/commit/fad881b4432febea69d70691dfed51c93f0de10fghsaWEB
• github.com/pypa/advisory-database/tree/main/vulns/python-saml/PYSEC-2019-198.yamlghsaWEB
• www.kb.cert.org/vuls/id/475445ghsax_refsource_MISCWEB

No linked articles in our index yet.