Skip to main content

Pysaml2

6 CVEs product

Monthly

CVE-2021-21239 PyPI MEDIUM POC PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Jwt Attack Pysaml2 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-21238 PyPI MEDIUM PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Jwt Attack Pysaml2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-5390 PyPI HIGH PATCH This Week

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jwt Attack Pysaml2 Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2017-1000246 PyPI MEDIUM PATCH This Month

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Pysaml2
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-10149 PyPI HIGH PATCH This Week

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Pysaml2 Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-10127 PyPI CRITICAL PATCH Act Now

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Pysaml2
NVD GitHub
CVSS 3.0
9.0
EPSS
0.5%
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Jwt Attack +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

PySAML2 is a pure python implementation of SAML Version 2 Standard. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Jwt Attack +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jwt Attack Pysaml2 +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Pysaml2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Pysaml2 Debian Linux
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

XXE Pysaml2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy