Lucene search
+L

358 matches found

OSV
OSV
added 2025/04/14 11:35 a.m.45 views

BIT-PYTHON-2025-0938 URL parser allowed square brackets in domain names

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS5.8AI score0.01499EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/03/31 12:0 a.m.11 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-898)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-898 advisory. The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be...

6.3CVSS6.7AI score0.01499EPSS
Exploits0References4
Amazon
Amazon
added 2025/03/26 12:0 a.m.7 views

Medium: python3.9

Issue Overview: The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could...

6.3CVSS7.7AI score0.01499EPSS
Exploits0
Veracode
Veracode
added 2025/03/18 8:53 a.m.12 views

Authentication Bypass

ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to a parser differential between ReXML and Nokogiri, allowing an attacker to execute a Signature Wrapping attack and potentially gain unauthorized access...

9.8CVSS7.5AI score0.63792EPSS
Exploits1References16Affected Software1
CNNVD
CNNVD
added 2025/03/17 12:0 a.m.5 views

Silicon Series 2 devices 安全漏洞

Silicon Series 2 devices are a family of devices from Silicon Corporation USA. A security vulnerability exists in Silicon Series 2 devices that stems from a DPA countermeasure that is not regularly reseeded, which could lead to key extraction via a DPA attack...

4.2CVSS6.6AI score0.00173EPSS
Exploits0References2
NVD
NVD
added 2025/03/12 9:15 p.m.17 views

CVE-2025-25292

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...

9.8CVSS0.63792EPSS
Exploits1References13
Github Security Blog
Github Security Blog
added 2025/03/12 8:54 p.m.30 views

Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)

Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...

9.8CVSS6.9AI score0.63792EPSS
Exploits1References16Affected Software1
Cvelist
Cvelist
added 2025/03/12 8:53 p.m.30 views

CVE-2025-25292 Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...

9.3CVSS0.63792EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2025/03/12 8:53 p.m.9 views

CVE-2025-25292 Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...

9.3CVSS7.3AI score0.63792EPSS
Exploits1References10
CVE
CVE
added 2025/03/12 8:53 p.m.2060 views

CVE-2025-25292

Ruby-saml contains an authentication bypass vulnerability caused by a parser differential between ReXML and Nokogiri. The issue affects versions older than 1.12.4 and 1.18.0, enabling a Signature Wrapping attack that can lead to bypassing SAML authentication. A patch exists in versions 1.12.4 and...

9.8CVSS7AI score0.63792EPSS
Exploits1References13Affected Software2
OSV
OSV
added 2025/03/12 8:53 p.m.13 views

CVE-2025-25292 Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...

9.3CVSS9.5AI score0.63792EPSS
Exploits1References15
OSV
OSV
added 2025/03/12 8:20 p.m.25 views

GHSA-4VC4-M8QH-G8JM Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)

Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...

9.8CVSS6.8AI score0.19506EPSS
Exploits1References16
Cvelist
Cvelist
added 2025/03/12 8:16 p.m.42 views

CVE-2025-25291 ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...

9.3CVSS0.19506EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2025/03/12 8:16 p.m.28 views

CVE-2025-25291 ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...

9.3CVSS7AI score0.19506EPSS
Exploits1References10
Debian CVE
Debian CVE
added 2025/03/12 8:16 p.m.13 views

CVE-2025-25291

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...

9.8CVSS7.8AI score0.19506EPSS
Exploits1
CVE
CVE
added 2025/03/12 8:16 p.m.2020 views

CVE-2025-25291

ruby-saml vulnerabilities CVE-2025-25291/25292/25293 relate to a parser differential between ReXML and Nokogiri that enables a Signature Wrapping authentication bypass and related DoS when handling SAML inputs. Affected versions prior to 1.12.4 and 1.18.0 are vulnerable; fixes are shipped in 1.12...

9.8CVSS7AI score0.19506EPSS
Exploits1References13Affected Software2
OpenVAS
OpenVAS
added 2025/02/04 12:0 a.m.18 views

Python Improper Input Validation Vulnerability (Jan 2025) - Mac OS X

Python is prone to an improper input validation vulnerability in the urllib.parse.urlsplit and urlparse standard functions. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.3CVSS6.8AI score0.01499EPSS
Exploits0References10
CVE
CVE
added 2025/01/31 5:51 p.m.2901 views

CVE-2025-0938

Summary (CVE-2025-0938): The issue arises in Python’s standard library URL parsing, where urllib.parse.urlsplit/urlparse accepted domain names containing square brackets, contrary to RFC 3986. This leads to differential parsing between Python’s parser and other RFC-compliant parsers. The connecte...

6.3CVSS6.5AI score0.01499EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2025/01/31 5:51 p.m.153 views

CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

6.3CVSS6.4AI score0.01499EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/10/11 4:58 p.m.22 views

SSOReady has an XML Signature Bypass via differential XML parsing

Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of...

9.8CVSS6.7AI score0.00398EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder