suse · CVE-2017-11427

Quick triage

Priority: critical Published: 2021-05-30 13:58:57 UTC Updated: 2025-10-05 02:16:06 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-11427 severity critical: SUSE including 17 source package names (python-python3-saml, python3-defusedxml-0.6.0-1.5.1, …), 20 product×package rows across 8 product lines (SUSE Enterprise Storage 6, SUSE Linux Enterprise Module for Basesystem 15 SP2, … (8 product lines)): Fixed 18, Known Not Affected 2.

Description:

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

cvelogic Threat Intelligence