Fix CVE-2021-21238 - SAML XML Signature wrapping

All users of pysaml2 that use the default `CryptoBackendXmlSec1` backend and need to
verify signed SAML documents are impacted. `pysaml2 <= 6.4.1` does not validate the SAML
document against an XML schema. This allows invalid XML documents to trick the
verification process, by presenting elements with a valid signature inside elements
whose content has been malformed. The verification is offloaded to `xmlsec1` and
`xmlsec1` will not validate every signature in the given document, but only the first it
finds in the given scope.

Credits for the report:

- Victor Schönfelder Garcia (isits AG International School of IT Security)
- Juraj Somorovsky (Paderborn University)
- Vladislav Mladenov (Ruhr University Bochum)

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>

0 files changed, 0 insertions, 0 deletions