simplesamlphp/simplesamlphp is vulnerable to CRLF injection. The vulnerability exists as the file
logging handler is configured to be used with simplesamlphp
, allowing the unsanitized values of reportID
to be used to inject newline characters into logs.