XML External Entity (XXE) Injection Affecting pysaml2 package, versions [,4.5.0)
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.32% (71st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-PYSAML2-40373
- published 6 Oct 2016
- disclosed 6 Oct 2016
- credit Matias P. Brutti
Introduced: 6 Oct 2016
CVE-2016-10149 Open this link in a new tabOverview
via a crafted SAML XML request or response.
CVSS Scores
version 3.1