PatchSiren

Pysaml2 Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL | Pysaml2 Project CVE | Published 2017-03-03

CVE-2016-10127

CVE-2016-10127 is a critical XML external entity (XXE) issue in PySAML2. A crafted SAML XML request or response can trigger unsafe XML parsing, which may expose sensitive data or otherwise affect confidentiality, integrity, and availability. The NVD record rates the issue 9.0/CRITICAL and maps it to CWE-611.