Количество 2
Количество 2
CVE-2017-11427
OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
GHSA-j8j8-348v-wfm3
Python-saml allows manipulation of SAML data without invalidation of cryptographic signature
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-11427 OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | CVSS3: 7.7 | 4% Низкий | почти 7 лет назад |
| GHSA-j8j8-348v-wfm3 Python-saml allows manipulation of SAML data without invalidation of cryptographic signature | CVSS3: 7.7 | 4% Низкий | больше 6 лет назад |
Уязвимостей на страницу