PT-2021-14350 · Pypi +3 · Pysaml2 +3

Name of the Vulnerable Software and Affected Versions: PySAML2 versions prior to 6.5.0 Description: The issue is related to an improper verification of cryptographic signatures in PySAML2, a pure python implementation of SAML Version 2 Standard. Users of PySAML2 that use the default...

PySAML2 XML Signature Wrapper Vulnerability

PySAML2 is a pure Python implementation of SAML2. An XML signature wrapping vulnerability exists in PySAML2 versions prior to 5.0.0. The vulnerability stems from the fact that PySAML2 does not check whether signatures in SAML documents are wrapped. An attacker can exploit this vulnerability to...

python-pysaml2 XML External Entity Injection Vulnerability (CNVD-2017-05308)

PySAML2 is an implementation of SAML2 written in python. An XML external entity injection vulnerability exists in PySAML2 4.4.0 and earlier versions. A remote attacker can exploit this vulnerability to read arbitrary files by sending a specially crafted SAMPL XML request or response...

DEBIAN-CVE-2016-10127

PySAML2 allows remote attackers to conduct XML external entity XXE attacks via a crafted SAML XML request or response...

DUO-PSA-2017-003: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2017-003 Publication Date: 2018-02-27 Revision Date: 2018-02-27 Status: Confirmed, Fixed Document Revision: 1 Overview Duo Security has identified a security flaw in a third-party library used in the Duo Network Gateway DNG which, under certain...