{"id":"UBUNTU-CVE-2021-21238","details":"PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because pysaml2 did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed, and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.","modified":"2025-10-24T04:50:06Z","published":"2021-01-21T15:15:00Z","upstream":["CVE-2021-21238"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-21238"},{"type":"REPORT","url":"https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9"},{"type":"REPORT","url":"https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"},{"type":"REPORT","url":"https://pypi.org/project/pysaml2"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2021-21238"}],"affected":[{"package":{"name":"python-pysaml2","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/python-pysaml2@3.0.0-3ubuntu1.16.04.4+esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.0-0ubuntu2","3.0.0-3ubuntu1","3.0.0-3ubuntu1.16.04.1","3.0.0-3ubuntu1.16.04.3","3.0.0-3ubuntu1.16.04.4","3.0.0-3ubuntu1.16.04.4+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"python-pysaml2","binary_version":"3.0.0-3ubuntu1.16.04.4+esm1"},{"binary_name":"python3-pysaml2","binary_version":"3.0.0-3ubuntu1.16.04.4+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-21238.json"}},{"package":{"name":"python-pysaml2","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/python-pysaml2@4.0.2-0ubuntu3.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introdu
ced":"0"}]}],"versions":["3.0.0-3ubuntu2","4.0.2-0ubuntu2","4.0.2-0ubuntu3","4.0.2-0ubuntu3.1","4.0.2-0ubuntu3.2"],"ecosystem_specific":{"binaries":[{"binary_name":"python-pysaml2","binary_version":"4.0.2-0ubuntu3.2"},{"binary_name":"python3-pysaml2","binary_version":"4.0.2-0ubuntu3.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-21238.json"}},{"package":{"name":"python-pysaml2","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/python-pysaml2@4.9.0-0ubuntu3.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.5.0+dfsg1-0ubuntu2","4.9.0-0ubuntu1","4.9.0-0ubuntu2","4.9.0-0ubuntu3","4.9.0-0ubuntu3.1"],"ecosystem_specific":{"binaries":[{"binary_name":"python3-pysaml2","binary_version":"4.9.0-0ubuntu3.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-21238.json"}},{"package":{"name":"python-pysaml2","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/python-pysaml2@7.1.0-0ubuntu2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.0-0ubuntu2","7.1.0-0ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_name":"python3-pysaml2","binary_version":"7.1.0-0ubuntu2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-21238.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"low"}]}