Lucene search

PySAML2 XML external entity attack

🗓️ 17 May 2022 02:23:56Reported by GitHub Advisory DatabaseType

PySAML2 XML external entity attack allows remote attackers to conduct XXE attacks via crafted SAML XML request or response

Reporter	Title	Published	Views	Family All 15
OSV	PYSEC-2017-67	3 Mar 201715:59	–	osv
OSV	CVE-2016-10127	3 Mar 201715:59	–	osv
OSV	PySAML2 XML external entity attack	17 May 202202:56	–	osv
Debian	[SECURITY] [DSA 3759-1] python-pysaml2 security update	12 Jan 201707:25	–	debian
Debian	[SECURITY] [DSA 3759-1] python-pysaml2 security update	12 Jan 201707:25	–	debian
CVE	CVE-2016-10127	3 Mar 201715:59	–	cve
NVD	CVE-2016-10127	3 Mar 201715:59	–	nvd
Prion	Xxe	3 Mar 201715:59	–	prion
Cvelist	CVE-2016-10127	3 Mar 201715:00	–	cvelist
UbuntuCve	CVE-2016-10127	3 Mar 201700:00	–	ubuntucve

Vulners

Node

pysaml2_project pysaml2Range<4.5.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-10127
github	www.github.com/rohe/pysaml2/issues/366
github	www.github.com/rohe/pysaml2/pull/379
github	www.github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
bugs	www.bugs.debian.org/cgi-bin/bugreport.cgi
openwall	www.openwall.com/lists/oss-security/2017/01/19/5
github	www.github.com/advisories/GHSA-m269-wj6g-c459
github	www.github.com/pypa/advisory-database/tree/main/vulns/pysaml2/PYSEC-2017-67.yaml
web	www.web.archive.org/web/20200227195127/http://www.securityfocus.com/bid/95376

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 May 2022 02:56Current

6.2Medium risk

Vulners AI Score6.2

CVSS26.8

CVSS39

EPSS0.00364

CWE-611