{"url":"http://public2.vulnerablecode.io/api/packages/63196?format=json","purl":"pkg:pypi/ipsilon@1.1.0","type":"pypi","namespace":"","name":"ipsilon","version":"1.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.1.2","latest_non_vulnerable_version":"2.0.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43969?format=json","vulnerability_id":"VCID-j7c7-5cjw-wqf9","summary":"Session Fixation\nA vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to how ipsilon tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a \"SAML2 multi-session vulnerability.\"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2809.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2809.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2809","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1392829","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1392829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638"},{"reference_url":"https://ipsilon-project.org/release/2.1.0.html","reference_id":"","reference_type":"","scores":[],"url":"https://ipsilon-project.org/release/2.1.0.html"},{"reference_url":"https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c","reference_id":"","reference_type":"","scores":[],"url":"https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c"},{"reference_ur
l":"http://www.securityfocus.com/bid/94439","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94439"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-8638","reference_id":"CVE-2016-8638","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2016-8638"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8638","reference_id":"CVE-2016-8638","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8638"},{"reference_url":"https://ipsilon-project.org/advisory/CVE-2016-8638.txt","reference_id":"CVE-2016-8638.TXT","reference_type":"","scores":[],"url":"https://ipsilon-project.org/advisory/CVE-2016-8638.txt"},{"reference_url":"https://github.com/advisories/GHSA-376m-3rm2-9jm6","reference_id":"GHSA-376m-3rm2-9jm6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-376m-3rm2-9jm6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63202?format=json","purl":"pkg:pypi/ipsilon@1.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/63199?format=json","purl":"pkg:pypi/ipsilon@1.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/63200?format=json","purl":"pkg:pypi/ipsilon@2.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@2.0.2"}],"aliases":["CVE-2016-8638","GHSA-376m-3rm2-9jm6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7c7-5cjw-wqf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34973?format=json","vulnerability_id":"VCID-uw3a-jsez-xffk","s
ummary":"providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171052.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171052.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171067.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171067.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171076.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171076.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271530","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271530"},{"reference_url":"https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.2","reference_id":"","reference_type":"","scores":[],"url":"https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.2"},{"reference_url":"https://fedorahosted.org/ipsilon/wiki/Releases/v1.1.1","reference_id":"","reference_type":"","scores":[],"url":"https://fedorahosted.org/ipsilon/wiki/Releases/v1.1.1"},{"reference_url":"https://github.com/ipsilon-project/ipsilon","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ipsilon-project/ipsilon"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/ipsilon/PYSEC-2015-42.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/ipsilon/PYSEC-2015-42.yaml"},{"refer
ence_url":"https://pagure.io/ipsilon/9dec97c3c83928d231ea10f4160523a13803e594","reference_id":"","reference_type":"","scores":[],"url":"https://pagure.io/ipsilon/9dec97c3c83928d231ea10f4160523a13803e594"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/10/27/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/10/27/8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5301","reference_id":"CVE-2015-5301","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5301"},{"reference_url":"https://github.com/advisories/GHSA-9qp4-79q8-58pr","reference_id":"GHSA-9qp4-79q8-58pr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9qp4-79q8-58pr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63197?format=json","purl":"pkg:pypi/ipsilon@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j7c7-5cjw-wqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.2.0"}],"aliases":["CVE-2015-5301","GHSA-9qp4-79q8-58pr","PYSEC-2015-42"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uw3a-jsez-xffk"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/ipsilon@1.1.0"}