
CVE-2021-21238

Status: Published

PySAML2 is a pure Python implementation of the SAML 2.0 standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that validate signed SAML documents are affected. The vulnerability is a variant of XML Signature wrapping: pysaml2 did not validate the SAML document against an XML schema, so structurally invalid documents were accepted, and such a document can place the genuinely signed element where the signature reference still resolves to it while the application reads an unsigned element in the expected position (a wrapped signature). This is fixed in PySAML2 6.5.0.
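A constructed illustration of the wrapping pattern described above and of the structural check that defeats it. This is added example code, not pysaml2's own implementation or its fix: the "signature" is an HMAC over a toy canonical form standing in for XML-DSig, the key `IDP_KEY` is hypothetical, and `ALLOWED_CHILDREN` is a hand-written subset of the SAML Response content model rather than real XSD validation. The vulnerable verifier resolves the Reference URI anywhere in the tree; the hardened one first enforces the expected document structure and then requires the signed element to be the single Assertion the application will consume.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"samlp": SAMLP, "saml": SAML, "ds": DS}
IDP_KEY = b"constructed-demo-key"  # hypothetical IdP key; HMAC stands in for RSA XML-DSig

# Direct children a samlp:Response may carry (hand-written subset of the SAML schema).
ALLOWED_CHILDREN = {
    f"{{{SAML}}}Issuer", f"{{{DS}}}Signature", f"{{{SAMLP}}}Extensions",
    f"{{{SAMLP}}}Status", f"{{{SAML}}}Assertion", f"{{{SAML}}}EncryptedAssertion",
}


def canon(elem):
    """Toy canonicalisation: tag, sorted attributes, trimmed text, children.
    Deterministic regardless of where the element sits in the document."""
    attrs = "".join(f' {k}="{v}"' for k, v in sorted(elem.attrib.items()))
    inner = (elem.text or "").strip() + "".join(canon(c) for c in elem)
    return f"<{elem.tag}{attrs}>{inner}</{elem.tag}>"


def sign(elem):
    return hmac.new(IDP_KEY, canon(elem).encode(), hashlib.sha256).hexdigest()


# Constructed sample: the assertion the IdP really issued, for "alice".
LEGIT_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML}" ID="_legit">'
    "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>"
)
SIGNATURE = (
    f'<ds:Signature xmlns:ds="{DS}"><ds:Reference URI="#_legit"/>'
    f"<ds:SignatureValue>{sign(ET.fromstring(LEGIT_ASSERTION))}</ds:SignatureValue></ds:Signature>"
)
HONEST_RESPONSE = f'<samlp:Response xmlns:samlp="{SAMLP}">{SIGNATURE}{LEGIT_ASSERTION}</samlp:Response>'

# Attacker keeps the signed assertion (moved into samlp:Extensions, which may hold
# foreign-namespace elements) and puts an unsigned "admin" assertion where the
# application will look for it.  The signature itself is untouched.
FORGED_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML}" ID="_forged">'
    "<saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject></saml:Assertion>"
)
WRAPPED_RESPONSE = (
    f'<samlp:Response xmlns:samlp="{SAMLP}">{SIGNATURE}{FORGED_ASSERTION}'
    f"<samlp:Extensions>{LEGIT_ASSERTION}</samlp:Extensions></samlp:Response>"
)


def _signature_ok(sig, signed_elem):
    claimed = sig.findtext("ds:SignatureValue", default="", namespaces=NS)
    return hmac.compare_digest(claimed, sign(signed_elem))


def verify_vulnerable(xml):
    """Resolve the Reference URI by searching the whole tree for a matching ID."""
    root = ET.fromstring(xml)
    sig = root.find("ds:Signature", NS)
    uri = sig.find("ds:Reference", NS).get("URI", "").lstrip("#")
    signed = next((e for e in root.iter() if e.get("ID") == uri), None)
    return signed is not None and _signature_ok(sig, signed)


def verify_hardened(xml):
    """Enforce expected structure, then require the signed element to be the
    one Assertion the consumer reads."""
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}Response":
        return False
    if any(child.tag not in ALLOWED_CHILDREN for child in root):
        return False  # unknown wrapper element at the top level
    ids = [e.get("ID") for e in root.iter() if e.get("ID") is not None]
    if len(ids) != len(set(ids)):
        return False  # duplicate IDs make "#ref" ambiguous
    assertions = root.findall("saml:Assertion", NS)  # direct children only
    sig = root.find("ds:Signature", NS)
    if len(assertions) != 1 or sig is None:
        return False
    if sig.find("ds:Reference", NS).get("URI", "") != "#" + assertions[0].get("ID", ""):
        return False  # signature covers something other than the consumed assertion
    return _signature_ok(sig, assertions[0])


def consumed_subject(xml):
    """What an application does after 'verification': read the first Assertion."""
    root = ET.fromstring(xml)
    return root.find("saml:Assertion/saml:Subject/saml:NameID", NS).text


if __name__ == "__main__":
    for name, doc in (("honest", HONEST_RESPONSE), ("wrapped", WRAPPED_RESPONSE)):
        print(name, "vulnerable:", verify_vulnerable(doc),
              "hardened:", verify_hardened(doc), "subject:", consumed_subject(doc))
```

Running it shows the wrapped document passing `verify_vulnerable` while `consumed_subject` returns "admin"; `verify_hardened` rejects it because the Reference URI points at an element that is not the Assertion in the consumed position. Real deployments should rely on the library's schema validation (PySAML2 6.5.0 or later) plus a proper XML-DSig implementation rather than this hand-written structure check.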

EPSS: 0.14% (33.9th percentile)


Affected Products

Vendor / Release        Product          Versions
Ubuntu Pro 16.04 LTS    python-pysaml2   3.0.0-3ubuntu1.16.04.3, 3.0.0-3ubuntu1.16.04.4, 3.0.0-3ubuntu1.16.04.4+esm1
Ubuntu 18.04 LTS        python-pysaml2   4.0.2-0ubuntu2, 4.0.2-0ubuntu3.1, 4.0.2-0ubuntu3.2
Ubuntu 20.04 LTS        python-pysaml2   0, 4.5.0+dfsg1-0ubuntu2, 4.9.0-0ubuntu2
Ubuntu 22.04 LTS        python-pysaml2   0, 7.1.0-0ubuntu2, 6.1.0-0ubuntu2

Timeline

  • Jan 21, 2021 CVE Published
  • Jan 21, 2021 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score