DEBIAN-CVE-2016-10127 — Vulnetix

DEBIAN-CVE-2016-10127 PUBLISHED CVSS 9 CRITICAL

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.

Risk Scores

CVSS v3.0

9

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	python-pysaml2	7.2.1-3, 7.4.2-2, 7.4.2-4
Debian:13	python-pysaml2	7.5.0-6, 0, 7.5.0-4
Debian:12	python-pysaml2	7.5.4-2, 7.5.0-7, 7.5.0-2
Debian:14	python-pysaml2	0, 7.5.0-4, 7.5.0-5

Timeline

Mar 3, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-10127 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›