PT-2021-8018 · Pypi+2 · Pysaml2+2

Juraj Somorovsky +2

Published: 2021-01-21 · Updated: 2024-07-12 · CVE-2021-21238

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: PySAML2 versions prior to 6.5.0

Description: The issue is related to an improper verification of cryptographic signatures, specifically a variant of XML Signature wrapping. This occurs because PySAML2 does not validate SAML documents against an XML schema, allowing invalid XML documents to be processed. Such documents can trick PySAML2 with a wrapped signature, potentially enabling a remote attacker to bypass signature verification and access protected information. All users of PySAML2 who need to validate signed SAML documents are impacted.

Recommendations: For PySAML2 versions prior to 6.5.0, upgrade to PySAML2 version 6.5.0 to resolve the issue. As a temporary workaround, consider disabling the use of signed SAML documents until the upgrade is possible. Restrict access to sensitive information that relies on SAML authentication to minimize the risk of exploitation.
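The description says the bypass works because PySAML2 (before 6.5.0) accepted documents that a schema check would have rejected, and then honoured a signature that did not cover the assertion it went on to use. The following added example (written for this page; it is not PySAML2 code and not part of the advisory) shows the identity checks a service provider can run on a parsed Response before trusting it: the Reference URI must be a same-document ID, that ID must occur exactly once anywhere in the document, and the element it resolves to must be the very Assertion whose Signature is being evaluated. The XML samples are constructed; the function and element names are mine, and the cryptographic verification of SignatureValue is assumed to happen in a separate step that is not shown.

```python
"""Defensive reference-identity checks for an enveloped SAML Assertion signature.

Added example, not PySAML2 code. These checks complement, and never replace,
cryptographic verification of the signature itself.
"""
import xml.etree.ElementTree as ET

NS = {
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed sample: one Assertion, signed, and its own Signature references it.
VALID_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <saml:Assertion ID="_a1">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>c29tZXNpZw==</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed malformed sample: the ID "_a1" appears twice, which a schema-validating
# parser rejects. A reference by ID is ambiguous here, so the document must be refused.
DUPLICATE_ID_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <samlp:Extensions><saml:Assertion ID="_a1"/></samlp:Extensions>
  <saml:Assertion ID="_a1">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>c29tZXNpZw==</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>mallory</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample with no Signature at all.
UNSIGNED_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>bob</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def find_by_id(root, element_id):
    """Return every element in the whole tree whose ID attribute equals element_id."""
    return [el for el in root.iter() if el.get("ID") == element_id]


def signed_assertion(response_xml):
    """Return the one Assertion whose enveloped Signature references it, else None.

    None means "reject the document": zero or several top-level Assertions, a
    missing Signature or Reference, a non-local URI, an ID that is not unique,
    or an ID that resolves to some element other than this Assertion.
    """
    root = ET.fromstring(response_xml)
    # Only direct children of the Response are candidate Assertions.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return None
    assertion = assertions[0]
    signature = assertion.find("ds:Signature", NS)
    if signature is None:
        return None
    ref = signature.find("ds:SignedInfo/ds:Reference", NS)
    if ref is None:
        return None
    uri = ref.get("URI", "")
    if not uri.startswith("#"):
        return None
    matches = find_by_id(root, uri[1:])
    if len(matches) != 1 or matches[0] is not assertion:
        return None
    return assertion


def authenticated_subject(response_xml):
    """Return the NameID text taken only from the assertion that passed the checks."""
    assertion = signed_assertion(response_xml)
    if assertion is None:
        return None
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    return None if name_id is None else name_id.text


if __name__ == "__main__":
    for label, doc in [("valid", VALID_RESPONSE), ("duplicate-id", DUPLICATE_ID_RESPONSE),
                       ("unsigned", UNSIGNED_RESPONSE)]:
        print(label, "->", authenticated_subject(doc))
```

The important design choice is that the subject is read from the element returned by signed_assertion, never from a separate lookup by ID or tag name; the vulnerability class described above is exactly the gap between "the element the signature covers" and "the element the application reads".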

Fix

Weakness Enumeration
Improper Verification of Cryptographic Signature

Related Identifiers

ALT-PU-2023-1286
ALT-PU-2023-1534
BDU:2024-02841
CVE-2021-21238
GHSA-F4G9-H89H-JGV9
OPENSUSE-SU-2024:11258-1
OPENSUSE-SU-2024:14156-1
PYSEC-2021-48
SUSE-SU-2021:1962-1
SUSE-SU-2021:2554-1

Affected Products

Alt Linux
Pysaml2
Red Os