CVE-2024-52596
Published 2024-12-02
Severity: high, 8.8 (CVSS 4.0)
SimpleSAMLphp xml-common is a library of common classes for handling XML structures. When it loads an untrusted XML document, for example a SAMLResponse received by a service provider, an attacker who controls that document can induce XML External Entity (XXE) injection: a DOCTYPE in the message can declare external entities that the parser resolves, which typically means reading local files or making the server issue outbound requests. The description states that this vulnerability is fixed in xml-common 1.19.0. Note that the affected-range table below lists xml-common as fixed in 1.20.0; the two figures come from different data sources on this page, so verify the minimum safe version against the upstream advisory before pinning a dependency.
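The following is an added example written for this page, not code from SimpleSAMLphp or xml-common, and it does not reproduce the project's actual patch. It shows the vulnerability class the advisory describes: a constructed SAMLResponse-like document carrying a DOCTYPE with an external entity, one loader that substitutes entities the way a vulnerable parser would, and one loader that applies the usual mitigations (reject any DTD up front, never pass LIBXML_NOENT, forbid network access, and install an entity loader that refuses everything). The function names, the sample document and the temporary file it points at are all assumptions made for this illustration.

```php
<?php
// Added example for CVE-2024-52596, not SimpleSAMLphp/xml-common code.
// Function names, the sample XML and the temp-file target are constructed.
declare(strict_types=1);

const SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol';

// Constructed attacker-controlled "SAMLResponse". The internal DTD subset
// declares an external entity whose system identifier is a local file; the
// entity is referenced from an attribute that a naive SP might echo back.
function maliciousSamlResponse(): string
{
    $target = sys_get_temp_dir() . '/xxe-demo-secret.txt';
    file_put_contents($target, 'secret-config-value');
    return <<<XML
<?xml version="1.0"?>
<!DOCTYPE samlp:Response [
  <!ENTITY xxe SYSTEM "file://{$target}">
]>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_demo">
  <samlp:Status><samlp:StatusCode Value="&xxe;"/></samlp:Status>
</samlp:Response>
XML;
}

// Vulnerable loader: LIBXML_NOENT tells libxml to substitute entity
// references, including external ones declared in the document itself, so
// the file contents end up inside the parsed tree.
function loadUntrustedXmlVulnerable(string $xml): string
{
    $doc = new DOMDocument();
    $doc->loadXML($xml, LIBXML_NOENT);
    $node = $doc->getElementsByTagNameNS(SAMLP_NS, 'StatusCode')->item(0);
    return $node instanceof DOMElement ? $node->getAttribute('Value') : '';
}

// Hardened loader: layered refusal of DTD processing. SAML messages never
// legitimately carry a DOCTYPE, so rejecting one outright loses nothing.
function loadUntrustedXmlHardened(string $xml): DOMDocument
{
    // 1. Reject any document that declares a DTD before it reaches the parser.
    if (preg_match('/<!DOCTYPE/i', $xml) === 1) {
        throw new RuntimeException('Refusing XML document with a DOCTYPE');
    }

    // 2. Even if a DTD slipped through, refuse to resolve any external
    //    resource: returning null from the loader makes libxml fail the load.
    libxml_set_external_entity_loader(static function ($publicId, $systemId, $context) {
        return null;
    });

    // 3. Parse without LIBXML_NOENT or LIBXML_DTDLOAD, forbid network fetches,
    //    and collect parser errors instead of letting them surface as warnings.
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $ok = $doc->loadXML($xml, LIBXML_NONET | LIBXML_NOWARNING | LIBXML_NOERROR);
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    // 4. Post-parse check: the resulting tree must not carry a doctype either.
    if ($ok === false || $errors !== [] || $doc->doctype !== null) {
        throw new RuntimeException('Invalid or DTD-bearing XML document');
    }
    return $doc;
}

// Driver: the vulnerable path returns the file contents in the attribute
// value; the hardened path throws before parsing the document at all.
$xml = maliciousSamlResponse();
echo 'vulnerable loader returned: ' . loadUntrustedXmlVulnerable($xml) . PHP_EOL;
try {
    loadUntrustedXmlHardened($xml);
    echo 'hardened loader accepted the document (unexpected)' . PHP_EOL;
} catch (RuntimeException $e) {
    echo 'hardened loader: ' . $e->getMessage() . PHP_EOL;
}
```

The DOCTYPE string check in step 1 is the cheapest and most robust of the four layers, because it runs before libxml sees the bytes; the remaining layers exist so that a future code path that forgets the check, or that passes different parser flags, still cannot resolve an external entity. When auditing a deployment for this advisory, grep for LIBXML_NOENT and for calls to libxml_disable_entity_loader(false) in vendored code as well as in the application's own sources, since a single permissive loader anywhere in the request path is enough.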
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | simplesamlphp | < 1.19.7-1+deb12u1 (bookworm) | 1.19.7-1+deb12u1 (bookworm) |
| simplesamlphp | simplesamlphp | >= 0 < 1.19.0-1+deb11u1 | 1.19.0-1+deb11u1 |
| simplesamlphp | simplesamlphp | >= 0 < 1.19.7-1+deb12u1 | 1.19.7-1+deb12u1 |
| simplesamlphp | simplesamlphp | >= 0 < 2.0.15 | 2.0.15 |
| simplesamlphp | simplesamlphp | >= 2.1.0 < 2.1.7 | 2.1.7 |
| simplesamlphp | simplesamlphp | >= 2.2.0 < 2.2.4 | 2.2.4 |
| simplesamlphp | simplesamlphp | >= 2.3.0 < 2.3.4 | 2.3.4 |
| simplesamlphp | xml-common | < 1.20.0 | 1.20.0 |
| simplesamlphp | xml-common | >= 0 < 1.20.0 | 1.20.0 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 4.0 | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| GHSA | | 8.8 | HIGH | |
| OSV | | 8.8 | HIGH | |