[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-1000246":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":177,"aliases":178,"duplicate_of":9,"upstream":181,"downstream":182,"duplicates":191,"related":192,"reserved_at":9,"published_at":195,"modified_at":196,"state":197,"summary":198,"references_raw":207,"kevs":242,"epss":243,"epss_history":246,"metrics":506,"affected":521},"CVE-2017-1000246","Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-330","Use of Insufficiently Random Values","The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.","weakness","Stable","Class","High",[20,145,173],{"id":21,"name":22,"techniques":23},"CAPEC-112","Brute Force",[24],{"id":25,"name":22,"tactics":26,"countermeasures":30},"T1110",[27],{"id":28,"name":29},"TA0031","Credential Access",[31,36,40,44,48,52,56,60,64,68,72,76,80,84,89,93,98,103,107,111,115,119,123,127,131,136,141],{"id":32,"name":33,"tactic":34},"D3-CCSA","Credential Compromise Scope Analysis",{"name":35},"Detect",{"id":37,"name":38,"tactic":39},"D3-AEM","Application Exception Monitoring",{"name":35},{"id":41,"name":42,"tactic":43},"D3-OPM","Operational Process Monitoring",{"name":35},{"id":45,"name":46,"tactic":47},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":35},{"id":49,"name":50,"tactic":51},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":35},{"id":53,"name":54,"tactic":55},"D3-CSPP","Client-server Payload Profiling",{"name":35},{"id":57,"name":58,"tactic":59},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":35},{"id":61,"name":62,"tactic":63},"D3-NTSA","Network Traffic Signature Analysis",{"name":35},{"id":65,"name":66,"tactic":67},"D3-APCA","Application Protocol Command Analysis",{"name":35},{"id":69,"name":70,"tactic":71},"D3-NTCD","Network Traffic Community Deviation",{"name":35},{"id":73,"name":74,"tactic":75},"D3-RTSD","Remote Terminal Session Detection",{"name":35},{"id":77,"name":78,"tactic":79},"D3-CAA","Connection Attempt Analysis",{"name":35},{"id":81,"name":82,"tactic":83},"D3-ANAA","Administrative Network Activity Analysis",{"name":35},{"id":85,"name":86,"tactic":87},"D3-CR","Credential Revocation",{"name":88},"Evict",{"id":90,"name":91,"tactic":92},"D3-ANCI","Authentication Cache Invalidation",{"name":88},{"id":94,"name":95,"tactic":96},"D3-DUC","Decoy User Credential",{"name":97},"Deceive",{"id":99,"name":100,"tactic":101},"D3-CH","Credential Hardening",{"name":102},"Harden",{"id":104,"name":105,"tactic":106},"D3-MFA","Multi-factor Authentication",{"name":102},{"id":108,"name":109,"tactic":110},"D3-CRO","Credential Rotation",{"name":102},{"id":112,"name":113,"tactic":114},"D3-PR","Password Rotation",{"name":102},{"id":116,"name":117,"tactic":118},"D3-PWA","Password Authentication",{"name":102},{"id":120,"name":121,"tactic":122},"D3-CDP","Change Default Password",{"name":102},{"id":124,"name":125,"tactic":126},"D3-SPP","Strong Password Policy",{"name":102},{"id":128,"name":129,"tactic":130},"D3-OTP","One-time Password",{"name":102},{"id":132,"name":133,"tactic":134},"D3-RIC","Reissue Credential",{"name":135},"Restore",{"id":137,"name":138,"tactic":139},"D3-CTS","Credential Transmission Scoping",{"name":140},"Isolate",{"id":142,"name":143,"tactic":144},"D3-NTF","Network Traffic Filtering",{"name":140},{"id":146,"name":147,"techniques":148},"CAPEC-485","Signature Spoofing by Key Recreation",[149],{"id":150,"name":151,"tactics":152,"countermeasures":154},"T1552.004","Private Keys",[153],{"id":28,"name":29},[155,157,159,161,163,165,167,169,171],{"id":32,"name":33,"tactic":156},{"name":35},{"id":85,"name":86,"tactic":158},{"name":88},{"id":90,"name":91,"tactic":160},{"name":88},{"id":94,"name":95,"tactic":162},{"name":97},{"id":99,"name":100,"tactic":164},{"name":102},{"id":104,"name":105,"tactic":166},{"name":102},{"id":108,"name":109,"tactic":168},{"name":102},{"id":132,"name":133,"tactic":170},{"name":135},{"id":137,"name":138,"tactic":172},{"name":140},{"id":174,"name":175,"techniques":176},"CAPEC-59","Session Credential Falsification through Prediction",[],[],[179,180],"GHSA-cq94-qf6q-mf2h","PYSEC-2017-26",[],[183,185,187,189],{"_key":184},"UBUNTU-CVE-2017-1000246",{"_key":186},"SUSE-RU-2020:2072-1",{"_key":188},"SUSE-SU-2020:1901-1",{"_key":190},"DEBIAN-CVE-2017-1000246",[],[193,194],{"_key":186},{"_key":188},"2017-11-17T04:00:00.000Z","2024-09-17T04:04:14.264Z","Modified",{"cisa_kev":199,"cisa_ransomware":199,"cisa_vendor":9,"epss_severity":200,"epss_score":201,"severity":202,"severity_score":203,"severity_version":204,"severity_source":205,"severity_vector":206,"severity_status":197},false,"low",0.00122,"medium",5.3,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",[208,220,225,229,233,238],{"url":209,"sources":210,"tags":213},"https://github.com/rohe/pysaml2/issues/417",[211,205,212],"cve.org","osv_pypi",[214,215,216,217,218,219],"X Refsource MISC","Issue Tracking","Patch","Third Party Advisory","WEB","REPORT",{"url":221,"sources":222,"tags":223},"https://nvd.nist.gov/vuln/detail/CVE-2017-1000246",[212],[224],"Advisory",{"url":226,"sources":227,"tags":228},"https://github.com/IdentityPython/pysaml2/pull/519/commits/7323f5c20efb59424d853c822e7a26d1aa3e84aa",[212],[218],{"url":230,"sources":231,"tags":232},"https://github.com/pypa/advisory-database/tree/main/vulns/pysaml2/PYSEC-2017-26.yaml",[212],[218],{"url":234,"sources":235,"tags":236},"https://github.com/rohe/pysaml2",[212],[237],"PACKAGE",{"url":239,"sources":240,"tags":241},"https://github.com/advisories/GHSA-cq94-qf6q-mf2h",[212],[224],[],{"date":244,"score":201,"percentile":245},"2026-06-04",0.30742,[247,250,253,256,259,262,264,267,270,273,276,279,282,285,288,291,294,297,299,302,305,308,311,314,317,320,323,326,329,331,333,336,338,341,344,347,350,353,356,359,362,365,367,370,373,376,379,382,385,388,391,394,397,400,403,406,409,411,414,417,420,423,425,427,430,433,436,439,442,444,447,450,453,456,459,462,465,468,471,474,477,480,483,486,489,492,495,498,501,503],{"date":248,"score":201,"percentile":249},"2025-11-04",0.31969,{"date":251,"score":201,"percentile":252},"2025-11-05",0.3195,{"date":254,"score":201,"percentile":255},"2025-11-06",0.31955,{"date":257,"score":201,"percentile":258},"2025-11-07",0.31974,{"date":260,"score":201,"percentile":261},"2025-11-08",0.31976,{"date":263,"score":201,"percentile":252},"2025-11-09",{"date":265,"score":201,"percentile":266},"2025-11-10",0.31899,{"date":268,"score":201,"percentile":269},"2025-11-11",0.31918,{"date":271,"score":201,"percentile":272},"2025-11-12",0.31963,{"date":274,"score":201,"percentile":275},"2025-11-13",0.31983,{"date":277,"score":201,"percentile":278},"2025-11-14",0.31985,{"date":280,"score":201,"percentile":281},"2025-11-15",0.31988,{"date":283,"score":201,"percentile":284},"2025-11-16",0.31954,{"date":286,"score":201,"percentile":287},"2025-11-17",0.31931,{"date":289,"score":201,"percentile":290},"2025-11-18",0.26451,{"date":292,"score":201,"percentile":293},"2025-11-19",0.26473,{"date":295,"score":201,"percentile":296},"2025-11-20",0.26479,{"date":298,"score":201,"percentile":249},"2025-11-21",{"date":300,"score":201,"percentile":301},"2025-11-22",0.3197,{"date":303,"score":201,"percentile":304},"2025-11-23",0.31943,{"date":306,"score":201,"percentile":307},"2025-11-24",0.31917,{"date":309,"score":201,"percentile":310},"2025-11-25",0.31913,{"date":312,"score":201,"percentile":313},"2025-11-26",0.31914,{"date":315,"score":201,"percentile":316},"2025-11-27",0.31927,{"date":318,"score":201,"percentile":319},"2025-11-28",0.31907,{"date":321,"score":201,"percentile":322},"2025-11-29",0.3189,{"date":324,"score":201,"percentile":325},"2025-11-30",0.31868,{"date":327,"score":201,"percentile":328},"2025-12-01",0.31948,{"date":330,"score":201,"percentile":258},"2025-12-02",{"date":332,"score":201,"percentile":258},"2025-12-03",{"date":334,"score":201,"percentile":335},"2025-12-04",0.3187,{"date":337,"score":201,"percentile":319},"2025-12-05",{"date":339,"score":201,"percentile":340},"2025-12-06",0.31909,{"date":342,"score":201,"percentile":343},"2025-12-07",0.31881,{"date":345,"score":201,"percentile":346},"2025-12-08",0.31894,{"date":348,"score":201,"percentile":349},"2025-12-09",0.31946,{"date":351,"score":201,"percentile":352},"2025-12-10",0.32006,{"date":354,"score":201,"percentile":355},"2025-12-11",0.32042,{"date":357,"score":201,"percentile":358},"2025-12-12",0.32073,{"date":360,"score":201,"percentile":361},"2025-12-13",0.3206,{"date":363,"score":201,"percentile":364},"2025-12-14",0.32035,{"date":366,"score":201,"percentile":278},"2025-12-15",{"date":368,"score":201,"percentile":369},"2025-12-16",0.32003,{"date":371,"score":201,"percentile":372},"2025-12-17",0.32052,{"date":374,"score":201,"percentile":375},"2025-12-18",0.32099,{"date":377,"score":201,"percentile":378},"2025-12-19",0.32126,{"date":380,"score":201,"percentile":381},"2025-12-20",0.32105,{"date":383,"score":201,"percentile":384},"2025-12-21",0.32047,{"date":386,"score":201,"percentile":387},"2025-12-22",0.32015,{"date":389,"score":201,"percentile":390},"2025-12-23",0.31996,{"date":392,"score":201,"percentile":393},"2025-12-24",0.31989,{"date":395,"score":201,"percentile":396},"2025-12-25",0.32063,{"date":398,"score":201,"percentile":399},"2025-12-26",0.32048,{"date":401,"score":201,"percentile":402},"2025-12-27",0.32059,{"date":404,"score":201,"percentile":405},"2025-12-28",0.31984,{"date":407,"score":201,"percentile":408},"2025-12-29",0.31952,{"date":410,"score":201,"percentile":349},"2025-12-30",{"date":412,"score":201,"percentile":413},"2025-12-31",0.31997,{"date":415,"score":201,"percentile":416},"2026-01-01",0.3214,{"date":418,"score":201,"percentile":419},"2026-01-02",0.32129,{"date":421,"score":201,"percentile":422},"2026-01-03",0.32109,{"date":424,"score":201,"percentile":249},"2026-01-04",{"date":426,"score":201,"percentile":255},"2026-01-05",{"date":428,"score":201,"percentile":429},"2026-01-06",0.31968,{"date":431,"score":201,"percentile":432},"2026-01-07",0.3199,{"date":434,"score":201,"percentile":435},"2026-01-08",0.32018,{"date":437,"score":201,"percentile":438},"2026-01-09",0.32014,{"date":440,"score":201,"percentile":441},"2026-01-10",0.32016,{"date":443,"score":201,"percentile":405},"2026-01-11",{"date":445,"score":201,"percentile":446},"2026-01-12",0.3191,{"date":448,"score":201,"percentile":449},"2026-01-13",0.31897,{"date":451,"score":201,"percentile":452},"2026-01-14",0.31938,{"date":454,"score":201,"percentile":455},"2026-01-15",0.31937,{"date":457,"score":201,"percentile":458},"2026-01-16",0.31961,{"date":460,"score":201,"percentile":461},"2026-01-17",0.31956,{"date":463,"score":201,"percentile":464},"2026-01-18",0.31903,{"date":466,"score":201,"percentile":467},"2026-01-19",0.31869,{"date":469,"score":201,"percentile":470},"2026-01-20",0.31854,{"date":472,"score":201,"percentile":473},"2026-01-21",0.31805,{"date":475,"score":201,"percentile":476},"2026-01-22",0.3178,{"date":478,"score":201,"percentile":479},"2026-01-23",0.31845,{"date":481,"score":201,"percentile":482},"2026-01-24",0.31858,{"date":484,"score":201,"percentile":485},"2026-01-25",0.31791,{"date":487,"score":201,"percentile":488},"2026-01-26",0.31701,{"date":490,"score":201,"percentile":491},"2026-01-27",0.31687,{"date":493,"score":201,"percentile":494},"2026-01-28",0.31663,{"date":496,"score":201,"percentile":497},"2026-01-29",0.31618,{"date":499,"score":201,"percentile":500},"2026-01-30",0.31607,{"date":502,"score":201,"percentile":497},"2026-01-31",{"date":504,"score":201,"percentile":505},"2026-02-01",0.31707,[507,516],{"source":205,"cvss_v2_0":508,"cvss_v3_0":513,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":509,"baseSeverity":9,"vectorString":510,"impactScore":511,"exploitabilityScore":512},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":203,"baseSeverity":514,"vectorString":206,"impactScore":515,"exploitabilityScore":512},"MEDIUM",2.3,{"source":212,"cvss_v2_0":9,"cvss_v3_0":517,"cvss_v3_1":9,"cvss_v4_0":518},{"baseScore":203,"baseSeverity":9,"vectorString":206,"impactScore":515,"exploitabilityScore":512},{"baseScore":519,"baseSeverity":9,"vectorString":520,"impactScore":9,"exploitabilityScore":9},6.3,"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",[522,533],{"ecosystem":523,"name":524,"vendor":523,"product":524,"cpe_part":9,"purl_type":525,"purl_namespace":9,"purl_name":524,"source":9,"versions":526},"PyPI","pysaml2","pypi",[527],{"version":528,"is_range":529,"range_type":530,"version_start":9,"version_start_type":9,"version_end":531,"version_end_type":532,"fixed_in":9},"lt4_6_0",true,"ecosystem","4.6.0","excluding",{"ecosystem":9,"name":524,"vendor":534,"product":524,"cpe_part":535,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":536},"pysaml2_project","a",[537],{"version":538,"is_range":529,"range_type":539,"version_start":9,"version_start_type":9,"version_end":531,"version_end_type":532,"fixed_in":9},"lt4.6.0","cpe"]