582 matches found
UBUNTU-CVE-2024-52596
SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...
UBUNTU-CVE-2024-52806
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...
XML External Entity (XXE) Injection
Overview simplesamlphp/simplesamlphp is a PHP implementation of a SAML 2.0 service provider and identity provider, also compatible with Shibboleth 1.3 and 2.0. Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improper sanitization of XML body in the...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improper sanitization of XML body in the fromString function. Workaround Remove the LIBXMLDTDLOAD | LIBXMLDTDATTR options from $options Details XXE Injection is a type of attack against an...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improper sanitization of XML body in the fromString function. Workaround Remove the LIBXMLDTDLOAD | LIBXMLDTDATTR options from $options Details XXE Injection is a type of attack against an...
CVE-2024-52596 SimpleSAMLphp xml-common XXE vulnerability
SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...
CVE-2024-52596 SimpleSAMLphp xml-common XXE vulnerability
SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...
CVE-2024-52596
The CVE-2024-52596 entry concerns SimpleSAMLphp xml-common, where loading an untrusted XML document (e.g., a SAMLResponse) can trigger an XXE. Root cause: parsing with LIBXML_DTDLOAD/LIBXML_DTDATTR enabled allows reading local files or internal resources. The vulnerability affects SimpleSAMLphp x...
CVE-2024-52596
SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...
CVE-2024-52596 SimpleSAMLphp xml-common XXE vulnerability
SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...
CVE-2024-52806
SimpleSAMLphp SAML2 library is affected by an XXE when loading an untrusted XML document (e.g., SAMLResponse). The issue is tied to parsing XML in the library, and the vulnerability is fixed in versions 4.6.14 and 5.0.0-alpha.18. Affected component: SimpleSAMLphp SAML2; root cause: XXE during XML...
CVE-2024-52806 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...
CVE-2024-52806 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...
CVE-2024-52806
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...
CVE-2024-52806 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...
[SECURITY] [DLA 3981-1] simplesamlphp security update
Debian LTS Advisory DLA-3981-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón December 02, 2024 https://wiki.debian.org/LTS Package : simplesamlphp Version : 1.19.0-1+deb11u1 CVE ID : CVE-2024-52596 It was discovered that in SimpleSAMLphp, an implementation...
[SECURITY] [DSA 5822-1] simplesamlphp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5822-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 02, 2024 https://www.debian.org/security/faq -...
PT-2024-35456 · Unknown · Simplesamlphp Saml2 Library
Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp SAML2 library versions prior to 4.6.14 SimpleSAMLphp SAML2 library versions prior to 5.0.0-alpha.18 Description: The SimpleSAMLphp SAML2 library is vulnerable to an XML External Entity XXE attack when loading untrusted XML...
SimpleSAMLphp 安全漏洞
SimpleSAMLphp is a PHP authentication application that implements SAML 2.0 service provider and identity provider functionality. A security vulnerability exists in SimpleSAMLphp that originates when loading an untrusted XML document that induces XML external entity injection...
SimpleSAMLphp 安全漏洞
SimpleSAMLphp is a PHP authentication application that implements SAML 2.0 service provider and identity provider functionality. A security vulnerability exists in SimpleSAMLphp that originates when xml-common loads an untrusted XML document, inducing XML external entity injection...