Vulnerability	Vulnerable Version
M Insecure Defaults pysaml2 is a Python implementation of SAML Version 2 Standard. Affected versions of this package are vulnerable to Insecure Defaults. It does not ensure that a signed SAML document is correctly signed. The default `CryptoBackendXmlSec1` backend is using the `xmlsec1` binary to verify the signature of signed SAML documents, but by default, `xmlsec1` accepts any type of key found within the given document. How to fix Insecure Defaults? Upgrade `pysaml2` to version 6.5.0 or higher.	[,6.5.0)
M Improper Validation pysaml2 is a Python implementation of SAML Version 2 Standard. Affected versions of this package are vulnerable to Improper Validation. By default, the SAML document is not validated against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elements with a valid signature inside elements whose content has been malformed. The verification is offloaded to `xmlsec1` and `xmlsec1` will not validate every signature in the given document, but only the first it finds in the given scope. How to fix Improper Validation? Upgrade `pysaml2` to version 6.5.0 or higher.	[,6.5.0)
M XML Signature Wrapping pysaml2 is a Python implementation of SAML Version 2 Standard. Affected versions of this package are vulnerable to XML Signature Wrapping. It does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective. The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed. How to fix XML Signature Wrapping? Upgrade `pysaml2` to version 5.0.0 or higher.	[,5.0.0)

Go back to all versions of this package