Pysaml2 Project Pysaml2 — known CVE vulnerabilities
Every CVE whose affected-product data names Pysaml2 Project Pysaml2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2016-10127 — CVSS 9.0 (critical): PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVE-2017-1000433 — CVSS 8.1 (high): pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user…
CVE-2016-10149 — CVSS 7.5 (high): XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML…
CVE-2020-5390 — CVSS 7.5 (high): PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it…
CVE-2021-21238 — CVSS 6.5 (medium): PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic…
CVE-2021-21239 — CVSS 6.5 (medium): PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic…
CVE-2017-1000246 — CVSS 5.3 (medium): Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak…