python3-saml@1.3.0 vulnerabilities

Saml Python Toolkit. Add SAML support to your Python software using this library

  • latest version

    1.16.0

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    1 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the python3-saml package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Improper Input Validation

    Affected versions of this package are vulnerable to Improper Input Validation. XPath injection is potentially possible, due to insufficient validation of the response message.

    How to fix Improper Input Validation?

    Upgrade python3-saml to version 1.5.0 or higher.

    [,1.5.0)
    • M
    Authentication Bypass

    python3-saml adds SAML support to Python software.

    Affected versions of this package are vulnerable to Authentication Bypass. It incorrectly utilizes the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

    How to fix Authentication Bypass?

    Upgrade python-saml3 to versions 1.4.0 or higher.

    [,1.4.0)