CVE-2021-21238 in PySAML2info

Zusammenfassung

von MITRE • 21.01.2021

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub, Inc.

Reservieren

22.12.2020

Veröffentlichung

21.01.2021

Moderieren

akzeptiert

Eintrag

VDB-168608

CPE

bereit

CWE

CWE-347 (bestätigt)

CVSS

4.3 (NVD)

EPSS

0.00140

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2021-21238
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-21238
CVE Details	https://www.cvedetails.com/cve/CVE-2021-21238/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!