PYSEC-2017-67

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2017-67.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2017-67

Aliases

Published

2017-03-03T15:59:00Z

Modified

2023-11-01T04:46:31.344571Z

Summary

[none]

Details

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.

References

Affected packages

PyPI / pysaml2

Package

Name: pysaml2; View open source insights on deps.dev
Purl: pkg:pypi/pysaml2

Affected ranges

Type: GIT
Repo: https://github.com/rohe/pysaml2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6e09a25d9b4b7aa7a506853210a9a14100b8bc9b

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.0

Affected versions

0.*

0.4.3

1.*

1.0.1

1.0.2

1.0.3

1.1.0

2.*

2.0.0

2.1.0

2.2.0

2.3.0

2.4.0

3.*

3.0.0

3.0.2

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5rc1

4.0.5

4.1.0

4.2.0

4.3.0

4.4.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2017-67.yaml"