GHSA-2X65-FPCH-2FCM SimpleSAMLphp xml-common XXE vulnerability
Summary When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://github.com/simplesamlphp/xml-common/blob/v1.19.0/src/DOMDocumentFactory.phpL39 including the DTDLoad option, which allows an attacker to read file contents...