VulnerableCode Package Details - pkg:pypi/ipsilon@1.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-j7c7-5cjw-wqf9 Aliases: CVE-2016-8638 GHSA-376m-3rm2-9jm6	Session Fixation A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."	1.2.1 Affected by 0 other vulnerabilities. 2.0.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-j7c7-5cjw-wqf9
Aliases:
CVE-2016-8638
GHSA-376m-3rm2-9jm6

Session Fixation A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."

1.2.1
Affected by 0 other vulnerabilities.

2.0.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-mwwq-2f9c-afaa	providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.	CVE-2015-5217 GHSA-6875-ff47-r6p6 PYSEC-2015-41
VCID-uw3a-jsez-xffk	providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).	CVE-2015-5301 GHSA-9qp4-79q8-58pr PYSEC-2015-42

Vulnerability

Summary

Aliases

VCID-mwwq-2f9c-afaa

providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.

CVE-2015-5217
GHSA-6875-ff47-r6p6
PYSEC-2015-41

VCID-uw3a-jsez-xffk

providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).

CVE-2015-5301
GHSA-9qp4-79q8-58pr
PYSEC-2015-42

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:43:40.877133+00:00	GitLab Importer	Fixing	VCID-mwwq-2f9c-afaa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ipsilon/CVE-2015-5217.yml	38.6.0
2026-06-02T04:43:37.447500+00:00	GitLab Importer	Fixing	VCID-uw3a-jsez-xffk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ipsilon/CVE-2015-5301.yml	38.6.0
2026-06-02T04:43:24.093145+00:00	GitLab Importer	Affected by	VCID-j7c7-5cjw-wqf9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/ipsilon/CVE-2016-8638.yml	38.6.0