PYSEC-2017-26

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2017-26.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2017-26

Aliases

CVE-2017-1000246
GHSA-cq94-qf6q-mf2h

Published

2017-11-17T04:29:00Z

Modified

2023-11-01T04:47:23.475456Z

Summary

[none]

Details

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

References

https://github.com/rohe/pysaml2/issues/417
https://github.com/advisories/GHSA-cq94-qf6q-mf2h

Affected packages

PyPI / pysaml2

Package

Name: pysaml2; View open source insights on deps.dev
Purl: pkg:pypi/pysaml2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.6.0

Affected versions

0.*

0.4.3

1.*

1.0.1

1.0.2

1.0.3

1.1.0

2.*

2.0.0

2.1.0

2.2.0

2.3.0

2.4.0

3.*

3.0.0

3.0.2

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5rc1

4.0.5

4.1.0

4.2.0

4.3.0

4.4.0

4.5.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2017-26.yaml"