Описание
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
Отчет
This flaw resides in the XML Security Library (xmlsec1) and will be updated there; Red Hat OpenStack Platform is not affected.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-pysaml2 | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | python-pysaml2 | Not affected | ||
| Red Hat OpenStack Platform 11 (Ocata) | python-pysaml2 | Not affected | ||
| Red Hat OpenStack Platform 8 (Liberty) | python-pysaml2 | Not affected | ||
| Red Hat OpenStack Platform 9 (Mitaka) | python-pysaml2 | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=1411794python-pysaml2: Vulnerable to XML external entity attack
7.3 High
CVSS3
Связанные уязвимости
CVSS3: 9
ubuntu
почти 9 лет назад
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVSS3: 9
nvd
почти 9 лет назад
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVSS3: 9
debian
почти 9 лет назад
PySAML2 allows remote attackers to conduct XML external entity (XXE) a ...
7.3 High
CVSS3