PYSEC-2021-48
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2021-48.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2021-48
- Aliases
- Published
- 2021-01-21T15:15:00Z
- Modified
- 2023-11-01T04:54:09.497040Z
- Summary
- [none]
- Details
-
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.
- References
Affected packages
PyPI / pysaml2
Package
- Name
- pysaml2
- View open source insights on deps.dev
- Purl
- pkg:pypi/pysaml2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/IdentityPython/pysaml2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.5.0
Affected versions
0.*
0.4.3
1.*
1.0.1
1.0.2
1.0.3
1.1.0
2.*
2.0.0
2.1.0
2.2.0
2.3.0
2.4.0
3.*
3.0.0
3.0.2
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5rc1
4.0.5
4.1.0
4.2.0
4.3.0
4.4.0
4.5.0
4.6.0
4.6.1
4.6.2
4.6.3
4.6.4
4.6.5
4.7.0
4.8.0
4.9.0
5.*
5.0.0
5.1.0
5.2.0
5.3.0
5.4.0
6.*
6.0.0
6.1.0
6.2.0
6.3.0
6.3.1
6.4.0
6.4.1