XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
CWE-611: The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
https://cwe.mitre.org/data/definitions/611.html

CWE-776: The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
https://cwe.mitre.org/data/definitions/776.html

CAPEC-197: An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
https://capec.mitre.org/data/definitions/197.html

CAPEC-221: This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
https://capec.mitre.org/data/definitions/221.html

| Product | Vendor | Status |
|---|---|---|
| python-defusedxml | | Tracked |
| python-pysaml2 | | Tracked |
| debian_linux | * | Tracked |
| pysaml2 | * | Tracked |
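Both weaknesses listed above (CWE-611 external entities and CWE-776 recursive entity expansion) require a DOCTYPE that declares entities, so the simplest defensive policy for a SAML consumer is to refuse any document that carries a DTD before an element tree is ever built. The following is an added example written for this page, not code from PySAML2 or defusedxml; it re-implements the forbid-DTD behaviour that defusedxml (tracked in the table above) provides, on top of the standard library's expat binding, and also shows that the plain `xml.etree` parser does expand DTD-declared entities. The sample SAML documents, the `file:///PLACEHOLDER/path` URI and the function names are all constructed for the example.

```python
"""Hardened SAML XML loading: refuse any document that carries a DTD.

Added example (not PySAML2's or defusedxml's own code). CWE-611 (XXE) and
CWE-776 (entity expansion) both need a <!DOCTYPE> that declares entities,
so the guard below aborts at the first DOCTYPE, mirroring defusedxml's
forbid_dtd setting, before xml.etree builds the tree.
"""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DTDForbidden(ValueError):
    """Raised when the XML carries a <!DOCTYPE ...> declaration."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    # expat calls this at the start of any DOCTYPE; raising aborts Parse().
    raise DTDForbidden(f"DTD not allowed (doctype {name!r})")


def _reject_external_entity(context, base, system_id, public_id):
    # Belt and braces: never resolve an external entity reference.
    raise DTDForbidden(f"external entity reference to {system_id!r}")


def assert_no_dtd(data: bytes) -> None:
    """First pass: walk the document with expat and abort at any DTD."""
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.ExternalEntityRefHandler = _reject_external_entity
    parser.Parse(data, True)


def parse_saml_safely(data: bytes) -> ET.Element:
    """Build the element tree only after the DTD check has passed."""
    assert_no_dtd(data)
    return ET.fromstring(data)


# --- constructed sample documents (not real SAML traffic) ---
SAFE_RESPONSE = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_example" Version="2.0"><samlp:Status/></samlp:Response>"""

# CWE-611 shape: an external entity whose URI points at a local file
# (placeholder path; the guard fires before any resolution is attempted).
XXE_RESPONSE = b"""<?xml version="1.0"?>
<!DOCTYPE samlp:Response [<!ENTITY ext SYSTEM "file:///PLACEHOLDER/path">]>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">&ext;</samlp:Response>"""

# CWE-776 shape: three levels of nested internal entities (10 -> 100 -> 1000 chars).
EXPANSION_RESPONSE = b"""<?xml version="1.0"?>
<!DOCTYPE samlp:Response [
  <!ENTITY a "aaaaaaaaaa">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">&c;</samlp:Response>"""


def classify(data: bytes) -> str:
    """Return 'ok' if the document parsed, 'rejected' if the DTD guard fired."""
    try:
        parse_saml_safely(data)
        return "ok"
    except DTDForbidden:
        return "rejected"


def stdlib_expands_internal_entities() -> int:
    """Show that the unguarded stdlib parser *does* expand DTD entities:
    the nested document above yields 1000 characters of element text."""
    return len(ET.fromstring(EXPANSION_RESPONSE).text)


if __name__ == "__main__":
    for label, doc in [("safe", SAFE_RESPONSE), ("xxe", XXE_RESPONSE),
                       ("expansion", EXPANSION_RESPONSE)]:
        print(label, classify(doc))
    print("unguarded stdlib parse, expanded text length:",
          stdlib_expands_internal_entities())
```

The two-pass design keeps the guard independent of whichever tree builder the application uses: the expat walk costs one extra parse of the raw bytes, but it runs before any entity is expanded or any URI touched, which is the property that matters for both CWE-611 and CWE-776. Rejecting every DTD is stricter than SAML needs, and that is intentional; SAML messages have no legitimate use for one.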