Base Score

HIGH8.3

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateDec 02, 2024, 17:15

Affected Versions(2)

simplesamlphp/saml2(Packagist)

Introduced0

Fixed4.6.14

LimitN/A

simplesamlphp/saml2-legacy(Packagist)

Introduced0

Fixed4.6.14

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
simplesamlphp/saml2(Packagist)	0	4.6.14	N/A
simplesamlphp/saml2-legacy(Packagist)	0	4.6.14	N/A

Weakness Type (CWE):CWE-611

CVSS Metrics

Base Score

8.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW

References

Base Score

HIGH8.3

Weakness Type (CWE):CWE-611

CVSS Metrics

Base Score

8.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW