PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
{
  "affected_functions": [
    "saml2.create_class_from_xml_string",
    "saml2.extension_element_from_string",
    "saml2.soap.parse_soap_enveloped_saml_thingy",
    "saml2.soap.class_instances_from_soap_enveloped_saml_thingies",
    "saml2.soap.open_soap_envelope",
    "saml2.pack.parse_soap_enveloped_saml"
  ]
}