GHSA-376m-3rm2-9jm6

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-376m-3rm2-9jm6/GHSA-376m-3rm2-9jm6.json

Aliases

CVE-2016-8638

Published

2022-05-14T03:55:23Z

Modified

2023-09-18T20:47:08.639246Z

Details

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."

References

Affected packages

PyPI / ipsilon

Source Details

Package Name: ipsilon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.2

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

PyPI / ipsilon

Source Details

Package Name: ipsilon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.2.0

Fixed

1.2.1

Affected versions

1.*

1.2.0

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

PyPI / ipsilon

Source Details

Package Name: ipsilon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.2

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

PyPI / ipsilon

Source Details

Package Name: ipsilon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.3

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}