GHSA-376m-3rm2-9jm6

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-376m-3rm2-9jm6/GHSA-376m-3rm2-9jm6.json
Aliases
  • CVE-2016-8638
Published
2022-05-14T03:55:23Z
Modified
2023-09-18T20:47:08.639246Z
Details

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."

References

Affected packages

PyPI / ipsilon

Source Details

Package Name
ipsilon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.2

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

PyPI / ipsilon

Source Details

Package Name
ipsilon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.2.0
Fixed
1.2.1

Affected versions

1.*

1.2.0

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

PyPI / ipsilon

Source Details

Package Name
ipsilon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1.0
Fixed
1.1.2

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

PyPI / ipsilon

Source Details

Package Name
ipsilon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.3

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}