GHSA-cq94-qf6q-mf2h

Source

https://github.com/advisories/GHSA-cq94-qf6q-mf2h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-cq94-qf6q-mf2h/GHSA-cq94-qf6q-mf2h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cq94-qf6q-mf2h

Aliases

Published

2018-07-16T16:50:30Z

Modified

2023-11-01T04:47:23.475456Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Pysaml2 improperly initializes encryption vector

Details

Python package pysaml2 version 4.5.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

References

Affected packages

PyPI / pysaml2

Package

Name: pysaml2; View open source insights on deps.dev
Purl: pkg:pypi/pysaml2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.6.0

Affected versions

0.*

0.4.3

1.*

1.0.1

1.0.2

1.0.3

1.1.0

2.*

2.0.0

2.1.0

2.2.0

2.3.0

2.4.0

3.*

3.0.0

3.0.2

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5rc1

4.0.5

4.1.0

4.2.0

4.3.0

4.4.0

4.5.0