CVE-2021-21238

Опубликовано: 21 янв. 2021

Источник: ubuntu

Приоритет: low

EPSS Низкий

CVSS2: 4.3

CVSS3: 6.5

Описание

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	not-affected	7.1.0-0ubuntu2
esm-infra-legacy/trusty	DNE
esm-infra/bionic	needed
esm-infra/focal	needed
esm-infra/xenial	needed
focal	ignored	end of standard support, was needed
groovy	ignored	end of life
hirsute	ignored	end of life
impish	ignored	end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 35%

0.0014

Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-21238

CVSS3: 6.5

redhat

больше 4 лет назад

CVE-2021-21238

CVSS3: 6.5

nvd

больше 4 лет назад

CVE-2021-21238

CVSS3: 6.5

debian

больше 4 лет назад

PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...

ROS-20240410-12

CVSS3: 6.5

redos

около 1 года назад

Уязвимость python3-pysaml2

GHSA-f4g9-h89h-jgv9

CVSS3: 6.5

github

больше 4 лет назад

SAML XML Signature wrapping in PySAML2

EPSS

Процентиль: 35%

0.0014

Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3

CVE-2021-21238

Описание

Пакет python-pysaml2

Ссылки на источники

Связанные уязвимости