VYPR

PyPI package

pysaml2

pkg:pypi/pysaml2

Vulnerabilities (7)

  • CVE-2021-21238Jan 21, 2021
    affected < 6.5.0fixed 6.5.0

    PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Sig

  • CVE-2021-21239Jan 21, 2021
    affected < 6.5.0fixed 6.5.0

    PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted

  • CVE-2020-5390Jan 13, 2020
    affected < 5.0.0fixed 5.0.0

    PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus

  • CVE-2017-1000433HigJan 2, 2018
    affected < 4.5.0fixed 4.5.0

    pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

  • CVE-2017-1000246MedNov 17, 2017
    affected < 4.6.0fixed 4.6.0

    Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

  • CVE-2016-10149HigMar 24, 2017
    affected < 4.5.0fixed 4.5.0

    XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

  • CVE-2016-10127CriMar 3, 2017
    affected < 4.5.0fixed 4.5.0

    PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.