CVE-2024-52806
Published 2024-12-02
Severity: High, 8.3 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
SimpleSAMLphp SAML2 library is a PHP library for SAML2-related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it is possible to induce an XML External Entity (XXE) injection. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | simplesamlphp | < simplesamlphp 1.19.7-1+deb12u1 (bookworm) | simplesamlphp 1.19.7-1+deb12u1 (bookworm) |
| simplesamlphp | saml2 | < 4.6.14 | 4.6.14 |
| simplesamlphp | saml2 | — | — |
| simplesamlphp | saml2 | >= 0 < 4.6.14 | 4.6.14 |
| simplesamlphp | saml2-legacy | >= 0 < 4.6.14 | 4.6.14 |
| simplesamlphp | simplesamlphp | >= 0 < 1.19.0-1+deb11u1 | 1.19.0-1+deb11u1 |
| simplesamlphp | simplesamlphp | >= 0 < 1.19.7-1+deb12u1 | 1.19.7-1+deb12u1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
| osv | — | 8.3 | HIGH | — |