Lucene search

GitHub Advisory DatabaseGHSA-G48F-PGWH-WWXX

HistoryMay 17, 2024 - 11:06 p.m.

onelogin/php-saml signature wrapping attacks

2024-05-1723:06:55

GitHub Advisory Database

github.com

onelogin

php-saml

vulnerability

signature wrapping

attacks

unauthorized access

system

software

6.3 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

Vulnerability in onelogin/php-saml versions prior to 2.10.0 allows signature Wrapping attacks which may result in a malicious user gaining unauthorized access to a system.

Affected configurations

Vulners

Node

oneloginonelogin_saml_ssoRange<2.10.0

CPENameOperatorVersion
onelogin/php-samllt2.10.0

CPE	Name	Operator	Version
	onelogin/php-saml	lt	2.10.0

References

github.com/advisories/GHSA-g48f-pgwh-wwxx

github.com/FriendsOfPHP/security-advisories/blob/master/onelogin/php-saml/CVE-2016-1000253.yaml

github.com/onelogin/php-saml/commit/9d31baa97a57b0989020f62d24307c29e325dac3