CVE-2016-10149
Published: Mar 24, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- https://github.com/rohe/pysaml2/issues/366 (x_refsource_MISC)
- RHSA-2017:0936 (vendor-advisory, x_refsource_REDHAT)
- [oss-security] 20170119 Re: CVE request: python-pysaml2 XML external entity attack (mailing-list, x_refsource_MLIST)
- 97692 (vdb-entry, x_refsource_BID)
- DSA-3759 (vendor-advisory, x_refsource_DEBIAN)
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850716 (x_refsource_CONFIRM)
- RHSA-2017:0938 (vendor-advisory, x_refsource_REDHAT)
- https://github.com/rohe/pysaml2/pull/379 (x_refsource_CONFIRM)
- RHSA-2017:0937 (vendor-advisory, x_refsource_REDHAT)