16 matches found
CVE-2025-69227
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker could exploit this vulnerability by sending a specially crafted POST request to an application using the Request.post method, provided that Python optimizations are enabled. This could lead to ...
GHSA-JJ3X-WXRX-4X23 AIOHTTP vulnerable to DoS when bypassing asserts
Summary: When assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body. Impact: If optimisations are enabled (-O or PYTHONOPTIMIZE=1), and the application includes a handler that uses the Request.post method, then an attacker may be able to...
Infinite loop
Overview: Affected versions of this package are vulnerable to Infinite loop in the Request.post function. An attacker can cause the application to exhaust system resources by sending a POST request. Note: This is only exploitable if Python optimizations are enabled using the -O flag or setting...
EUVD-2018-0126
Malware in sbrugna...
SUSE CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
GHSA-924M-4PMX-C67H pysaml2 Improper Authentication vulnerability
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
pysaml2 Improper Authentication vulnerability
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
PySAML2: Security bypass
Background: PySAML2 is a pure Python implementation of SAML2. Description: It was found that PySAML2 relies on an assert statement to check the user’s password. Python optimizations might remove this assertion. Impact: A remote attacker could bypass security restrictions and access any...
Ubuntu 16.04 LTS : PySAML2 vulnerability (USN-3520-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3520-1 advisory. It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as a...
USN-3520-1 python-pysaml2 vulnerability
It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password...
CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
PYSEC-2018-48
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
DEBIAN-CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
CVE-2017-1000433
Summary: CVE-2017-1000433 affects PySAML2. Versions 4.4.0 and earlier allow login without a password when Python optimizations are enabled, enabling attacker impersonation of any user. The issue is widely reported across distros and advisories (Debian DLA-2577-1; DLA-1410-1; Ubuntu USN-3520-1; Ge...