CVE-2021-21238
SAML XML Signature wrapping in PySAML2
6.5
MEDIUM
CVSS 3.1
EPSS 0.14%
Description
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.
How to fix CVE-2021-21238
To remediate CVE-2021-21238, upgrade the affected package to a fixed version below.
- —upgrade to 6.5.1-1 or later
- —upgrade to 6.5.0 or later
- —upgrade to 1d8fd268f5bf887480a403a7a5ef8f048157cc14 or later
Is CVE-2021-21238 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 6.5.1-1
- from 0, < 6.5.0
- from 0, < 1d8fd268f5bf887480a403a7a5ef8f048157cc14 | from 0, < 6.5.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |