CVE-2024-52596 SimpleSAMLphp xml-common XXE vulnerability
SimpleSAMLphp xml-common is a set of common classes for handling XML structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...
CVE-2024-52596
The CVE-2024-52596 entry concerns SimpleSAMLphp xml-common, where loading an untrusted XML document (e.g., a SAMLResponse) can trigger an XXE. Root cause: parsing with LIBXML_DTDLOAD/LIBXML_DTDATTR enabled allows reading local files or internal resources. The vulnerability affects SimpleSAMLphp x...
CVE-2024-52596
SimpleSAMLphp xml-common is a set of common classes for handling XML structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...
CVE-2024-52806
SimpleSAMLphp SAML2 library is affected by an XXE when loading an untrusted XML document (e.g., SAMLResponse). The issue is tied to parsing XML in the library, and the vulnerability is fixed in versions 4.6.14 and 5.0.0-alpha.18. Affected component: SimpleSAMLphp SAML2; root cause: XXE during XML...
CVE-2024-52806 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...
CVE-2024-52806
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...
[SECURITY] [DLA 3981-1] simplesamlphp security update
Debian LTS Advisory DLA-3981-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón December 02, 2024 https://wiki.debian.org/LTS Package : simplesamlphp Version : 1.19.0-1+deb11u1 CVE ID : CVE-2024-52596 It was discovered that in SimpleSAMLphp, an implementation...
[SECURITY] [DSA 5822-1] simplesamlphp security update
Debian Security Advisory DSA-5822-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 02, 2024 https://www.debian.org/security/faq -...
Debian dla-3981 : simplesamlphp - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3981 advisory. Debian LTS Advisory DLA-3981-1 [email protected] https://www.debian.org/lts/security/...
PT-2024-35392 · Unknown · Simplesamlphp
Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp xml-common versions prior to 1.19.0. Description: The issue arises when loading an untrusted XML document, such as the SAMLResponse, allowing an attacker to induce an XML External Entity (XXE) attack. This could potentially enable ...
DLA-3981-1 simplesamlphp - security update
Bulletin has no description...
Debian dsa-5822 : simplesamlphp - security update
The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5822 advisory. Debian Security Advisory DSA-5822-1 [email protected] https://www.debian.org/security/...
DSA-5822-1 simplesamlphp - security update
Bulletin has no description...
PT-2024-35456 · Unknown · Simplesamlphp Saml2 Library
Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp SAML2 library versions prior to 4.6.14; SimpleSAMLphp SAML2 library versions prior to 5.0.0-alpha.18. Description: The SimpleSAMLphp SAML2 library is vulnerable to an XML External Entity (XXE) attack when loading untrusted XML...
SimpleSAMLphp security vulnerability
SimpleSAMLphp is a PHP authentication application that implements SAML 2.0 service provider and identity provider functionality. A security vulnerability exists in SimpleSAMLphp that originates when xml-common loads an untrusted XML document, inducing XML external entity injection...
SimpleSAMLphp security vulnerability
SimpleSAMLphp is a PHP authentication application that implements SAML 2.0 service provider and identity provider functionality. A security vulnerability exists in SimpleSAMLphp that originates when loading an untrusted XML document that induces XML external entity injection...