PyPi: Python-Saml

CVE-2016-1000252

Safety vulnerability ID: 26087

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jan 01, 1970 Updated at Oct 09, 2023

Advisory

Python-saml 2.2.0 includes several fixes to prevent Signature Wrapping attacks.
https://github.com/onelogin/python-saml/commit/aeb25be9aff1313ec87c2f9b19687fb76088813f

Affected package

python-saml

Latest version: 2.13.0

Saml Python Toolkit. Add SAML support to your Python software using this library

Affected versions

Fixed versions

Vulnerability changelog

* Prevent signature wrapping attack!!
* [111](https://github.com/onelogin/python-saml/pull/111) Add support for nested `NameID` children inside `AttributeValue`s
* ALOWED Misspell
* Improve how we obtain the settings path.
* Update docs adding reference to test dependency installation
* Fix Organization element on SP metadata.
* [100](https://github.com/onelogin/python-saml/pull/100) Support Responses that don't have AttributeStatements.

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): HIGH
Availability Impact (A): NONE