Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-wbt9-snjj-uuea
Summary
Improper signature validation
The `XmlSecLibs` library as used in the saml2 library in SimpleSAMLphp incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.
Aliases
0
alias CVE-2018-7644
Fixed_packages
0
url pkg:composer/simplesamlphp/saml2@1.10.5
purl pkg:composer/simplesamlphp/saml2@1.10.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@1.10.5
1
url pkg:composer/simplesamlphp/saml2@2.3.7
purl pkg:composer/simplesamlphp/saml2@2.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.3.7
2
url pkg:composer/simplesamlphp/saml2@3.1.3
purl pkg:composer/simplesamlphp/saml2@3.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.1.3
Affected_packages
0
url pkg:composer/simplesamlphp/saml2@2.0.0
purl pkg:composer/simplesamlphp/saml2@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ucwf-xdma-h7fc
1
vulnerability VCID-v3bx-f3um-8ubc
2
vulnerability VCID-wbt9-snjj-uuea
3
vulnerability VCID-xx6m-pvgs-puga
4
vulnerability VCID-zemd-kbb3-s3cr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@2.0.0
1
url pkg:composer/simplesamlphp/saml2@3.0.0
purl pkg:composer/simplesamlphp/saml2@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ucwf-xdma-h7fc
1
vulnerability VCID-wbt9-snjj-uuea
2
vulnerability VCID-xx6m-pvgs-puga
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.0.0
References
0
reference_url https://simplesamlphp.org/security/201802-01
reference_id
reference_type
scores
url https://simplesamlphp.org/security/201802-01
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7644
reference_id CVE-2018-7644
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-7644
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 347
name Improper Verification of Cryptographic Signature
description The product does not verify, or incorrectly verifies, the cryptographic signature for data.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-wbt9-snjj-uuea