Vulnerability	Vulnerable Version
M Insecure Defaults pysaml2 is a Python implementation of SAML Version 2 Standard. Affected versions of this package are vulnerable to Insecure Defaults. It does not ensure that a signed SAML document is correctly signed. The default `CryptoBackendXmlSec1` backend is using the `xmlsec1` binary to verify the signature of signed SAML documents, but by default, `xmlsec1` accepts any type of key found within the given document. How to fix Insecure Defaults? Upgrade `pysaml2` to version 6.5.0 or higher.	[,6.5.0)
M Improper Validation pysaml2 is a Python implementation of SAML Version 2 Standard. Affected versions of this package are vulnerable to Improper Validation. By default, the SAML document is not validated against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elements with a valid signature inside elements whose content has been malformed. The verification is offloaded to `xmlsec1` and `xmlsec1` will not validate every signature in the given document, but only the first it finds in the given scope. How to fix Improper Validation? Upgrade `pysaml2` to version 6.5.0 or higher.	[,6.5.0)

Insecure Defaults

pysaml2 is a Python implementation of SAML Version 2 Standard.

Affected versions of this package are vulnerable to Insecure Defaults. It does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default, xmlsec1 accepts any type of key found within the given document.

How to fix Insecure Defaults?

Upgrade pysaml2 to version 6.5.0 or higher.

[,6.5.0)

Improper Validation

pysaml2 is a Python implementation of SAML Version 2 Standard.

Affected versions of this package are vulnerable to Improper Validation. By default, the SAML document is not validated against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elements with a valid signature inside elements whose content has been malformed. The verification is offloaded to xmlsec1 and xmlsec1 will not validate every signature in the given document, but only the first it finds in the given scope.

How to fix Improper Validation?

Upgrade pysaml2 to version 6.5.0 or higher.

[,6.5.0)

Go back to all versions of this package