Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2cd3-p3xz-k3hx

Summary

Inclusion of Sensitive Information in Log Files
Log injection in `SimpleSAMLphp` before version. The `www/erroreport.php` script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, `SimpleSAMLphp` will output all its logs by appending each log line to a given file. Since the `reportID` parameter received in a request sent to `www/errorreport.php` was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.

Aliases

alias	CVE-2020-5225

alias	GHSA-6gc6-m364-85ww

Fixed_packages

url pkg:composer/simplesamlphp/simplesamlphp@1.18.4

purl pkg:composer/simplesamlphp/simplesamlphp@1.18.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6fwf-1xps-t7g5

vulnerability	VCID-hhq1-kxga-87ea

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.18.4

url	pkg:deb/debian/simplesamlphp@1.18.4-1?distro=sid
purl	pkg:deb/debian/simplesamlphp@1.18.4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.18.4-1%3Fdistro=sid

url pkg:deb/debian/simplesamlphp@1.19.0-1

purl pkg:deb/debian/simplesamlphp@1.19.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6c55-4pyx-ckbx

vulnerability	VCID-8b8r-g7e2-qfb2

vulnerability	VCID-ma9b-k5br-ffhd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.0-1

url	pkg:deb/debian/simplesamlphp@1.19.0-1?distro=sid
purl	pkg:deb/debian/simplesamlphp@1.19.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.0-1%3Fdistro=sid

url	pkg:deb/debian/simplesamlphp@1.19.7-1%2Bdeb12u2?distro=sid
purl	pkg:deb/debian/simplesamlphp@1.19.7-1%2Bdeb12u2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.7-1%252Bdeb12u2%3Fdistro=sid

url	pkg:deb/debian/simplesamlphp@1.19.7-2?distro=sid
purl	pkg:deb/debian/simplesamlphp@1.19.7-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.7-2%3Fdistro=sid

Affected_packages

url pkg:composer/simplesamlphp/simplesamlphp@1.18.0

purl pkg:composer/simplesamlphp/simplesamlphp@1.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cd3-p3xz-k3hx

vulnerability	VCID-6fwf-1xps-t7g5

vulnerability	VCID-dggq-bf45-aqga

vulnerability	VCID-hhq1-kxga-87ea

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.18.0

url pkg:composer/simplesamlphp/simplesamlphp@1.18.1

purl pkg:composer/simplesamlphp/simplesamlphp@1.18.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cd3-p3xz-k3hx

vulnerability	VCID-6fwf-1xps-t7g5

vulnerability	VCID-dggq-bf45-aqga

vulnerability	VCID-hhq1-kxga-87ea

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.18.1

url pkg:composer/simplesamlphp/simplesamlphp@1.18.2

purl pkg:composer/simplesamlphp/simplesamlphp@1.18.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cd3-p3xz-k3hx

vulnerability	VCID-6fwf-1xps-t7g5

vulnerability	VCID-dggq-bf45-aqga

vulnerability	VCID-hhq1-kxga-87ea

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.18.2

url pkg:composer/simplesamlphp/simplesamlphp@1.18.3

purl pkg:composer/simplesamlphp/simplesamlphp@1.18.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cd3-p3xz-k3hx

vulnerability	VCID-6fwf-1xps-t7g5

vulnerability	VCID-dggq-bf45-aqga

vulnerability	VCID-hhq1-kxga-87ea

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.18.3

url pkg:deb/debian/simplesamlphp@1.6.3-3

purl pkg:deb/debian/simplesamlphp@1.6.3-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-139j-7afy-wyf1

vulnerability	VCID-2cd3-p3xz-k3hx

vulnerability	VCID-4gux-4jrc-w7ce

vulnerability	VCID-6c55-4pyx-ckbx

vulnerability	VCID-8b8r-g7e2-qfb2

vulnerability	VCID-amz8-zhqx-p3c5

vulnerability	VCID-b3fn-bnh5-qyg4

vulnerability	VCID-d1d1-jng1-4fe6

vulnerability	VCID-dggq-bf45-aqga

vulnerability	VCID-dgs2-3xbu-c3ff

vulnerability	VCID-dvwj-zd42-nbhe

vulnerability	VCID-ew79-5kez-abdt

vulnerability	VCID-gwtm-bdae-3ufj

vulnerability	VCID-jhx8-7x7y-z7cv

vulnerability	VCID-jv7n-m3cf-jfex

vulnerability	VCID-k5d6-k216-8ub8

vulnerability	VCID-ma9b-k5br-ffhd

vulnerability	VCID-mfwu-mfhq-fkh8

vulnerability	VCID-pskx-9d46-bfdt

vulnerability	VCID-ucwf-xdma-h7fc

vulnerability	VCID-va8h-3qxg-uqh2

vulnerability	VCID-wbt9-snjj-uuea

vulnerability	VCID-xhg6-p2ka-nfe9

vulnerability	VCID-xx6m-pvgs-puga

vulnerability	VCID-yn8q-d76k-q3h2

vulnerability	VCID-ywuy-my3f-x7cd

vulnerability	VCID-zemd-kbb3-s3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.6.3-3

url pkg:deb/debian/simplesamlphp@1.9.2-1

purl pkg:deb/debian/simplesamlphp@1.9.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-139j-7afy-wyf1

vulnerability	VCID-2cd3-p3xz-k3hx

vulnerability	VCID-4gux-4jrc-w7ce

vulnerability	VCID-6c55-4pyx-ckbx

vulnerability	VCID-8b8r-g7e2-qfb2

vulnerability	VCID-amz8-zhqx-p3c5

vulnerability	VCID-b3fn-bnh5-qyg4

vulnerability	VCID-d1d1-jng1-4fe6

vulnerability	VCID-dggq-bf45-aqga

vulnerability	VCID-dgs2-3xbu-c3ff

vulnerability	VCID-dvwj-zd42-nbhe

vulnerability	VCID-gwtm-bdae-3ufj

vulnerability	VCID-jv7n-m3cf-jfex

vulnerability	VCID-k5d6-k216-8ub8

vulnerability	VCID-ma9b-k5br-ffhd

vulnerability	VCID-mfwu-mfhq-fkh8

vulnerability	VCID-pskx-9d46-bfdt

vulnerability	VCID-ucwf-xdma-h7fc

vulnerability	VCID-va8h-3qxg-uqh2

vulnerability	VCID-wbt9-snjj-uuea

vulnerability	VCID-xx6m-pvgs-puga

vulnerability	VCID-yn8q-d76k-q3h2

vulnerability	VCID-ywuy-my3f-x7cd

vulnerability	VCID-zemd-kbb3-s3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.9.2-1

url pkg:deb/debian/simplesamlphp@1.13.1-2

purl pkg:deb/debian/simplesamlphp@1.13.1-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-139j-7afy-wyf1

vulnerability	VCID-2cd3-p3xz-k3hx

vulnerability	VCID-4gux-4jrc-w7ce

vulnerability	VCID-6c55-4pyx-ckbx

vulnerability	VCID-8b8r-g7e2-qfb2

vulnerability	VCID-amz8-zhqx-p3c5

vulnerability	VCID-b3fn-bnh5-qyg4

vulnerability	VCID-d1d1-jng1-4fe6

vulnerability	VCID-dggq-bf45-aqga

vulnerability	VCID-dgs2-3xbu-c3ff

vulnerability	VCID-dvwj-zd42-nbhe

vulnerability	VCID-gwtm-bdae-3ufj

vulnerability	VCID-jv7n-m3cf-jfex

vulnerability	VCID-k5d6-k216-8ub8

vulnerability	VCID-ma9b-k5br-ffhd

vulnerability	VCID-mfwu-mfhq-fkh8

vulnerability	VCID-pskx-9d46-bfdt

vulnerability	VCID-ucwf-xdma-h7fc

vulnerability	VCID-va8h-3qxg-uqh2

vulnerability	VCID-wbt9-snjj-uuea

vulnerability	VCID-xx6m-pvgs-puga

vulnerability	VCID-yn8q-d76k-q3h2

vulnerability	VCID-ywuy-my3f-x7cd

vulnerability	VCID-zemd-kbb3-s3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.13.1-2

url pkg:deb/debian/simplesamlphp@1.13.1-2%2Bdeb8u1

purl pkg:deb/debian/simplesamlphp@1.13.1-2%2Bdeb8u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-139j-7afy-wyf1

vulnerability	VCID-2cd3-p3xz-k3hx

vulnerability	VCID-4gux-4jrc-w7ce

vulnerability	VCID-6c55-4pyx-ckbx

vulnerability	VCID-8b8r-g7e2-qfb2

vulnerability	VCID-amz8-zhqx-p3c5

vulnerability	VCID-b3fn-bnh5-qyg4

vulnerability	VCID-d1d1-jng1-4fe6

vulnerability	VCID-dggq-bf45-aqga

vulnerability	VCID-dgs2-3xbu-c3ff

vulnerability	VCID-dvwj-zd42-nbhe

vulnerability	VCID-gwtm-bdae-3ufj

vulnerability	VCID-jv7n-m3cf-jfex

vulnerability	VCID-k5d6-k216-8ub8

vulnerability	VCID-ma9b-k5br-ffhd

vulnerability	VCID-mfwu-mfhq-fkh8

vulnerability	VCID-pskx-9d46-bfdt

vulnerability	VCID-ucwf-xdma-h7fc

vulnerability	VCID-va8h-3qxg-uqh2

vulnerability	VCID-wbt9-snjj-uuea

vulnerability	VCID-xx6m-pvgs-puga

vulnerability	VCID-yn8q-d76k-q3h2

vulnerability	VCID-ywuy-my3f-x7cd

vulnerability	VCID-zemd-kbb3-s3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.13.1-2%252Bdeb8u1

url pkg:deb/debian/simplesamlphp@1.14.11-1%2Bdeb9u2

purl pkg:deb/debian/simplesamlphp@1.14.11-1%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-139j-7afy-wyf1

vulnerability	VCID-2cd3-p3xz-k3hx

vulnerability	VCID-4gux-4jrc-w7ce

vulnerability	VCID-6c55-4pyx-ckbx

vulnerability	VCID-8b8r-g7e2-qfb2

vulnerability	VCID-dggq-bf45-aqga

vulnerability	VCID-dgs2-3xbu-c3ff

vulnerability	VCID-dvwj-zd42-nbhe

vulnerability	VCID-gwtm-bdae-3ufj

vulnerability	VCID-k5d6-k216-8ub8

vulnerability	VCID-ma9b-k5br-ffhd

vulnerability	VCID-mfwu-mfhq-fkh8

vulnerability	VCID-pskx-9d46-bfdt

vulnerability	VCID-ucwf-xdma-h7fc

vulnerability	VCID-va8h-3qxg-uqh2

vulnerability	VCID-wbt9-snjj-uuea

vulnerability	VCID-xx6m-pvgs-puga

vulnerability	VCID-yn8q-d76k-q3h2

vulnerability	VCID-ywuy-my3f-x7cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.14.11-1%252Bdeb9u2

url pkg:deb/debian/simplesamlphp@1.16.3-1%2Bdeb10u2

purl pkg:deb/debian/simplesamlphp@1.16.3-1%2Bdeb10u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-139j-7afy-wyf1

vulnerability	VCID-2cd3-p3xz-k3hx

vulnerability	VCID-6c55-4pyx-ckbx

vulnerability	VCID-8b8r-g7e2-qfb2

vulnerability	VCID-dggq-bf45-aqga

vulnerability	VCID-ma9b-k5br-ffhd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.16.3-1%252Bdeb10u2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5225

reference_id

reference_type

scores

value	0.00173
scoring_system	epss
scoring_elements	0.38519
published_at	2026-06-07T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38455
published_at	2026-06-04T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38544
published_at	2026-06-05T12:55:00Z

value	0.00173
scoring_system	epss
scoring_elements	0.38547
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5225

reference_url

https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww

reference_url

https://simplesamlphp.org/security/202001-02

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://simplesamlphp.org/security/202001-02

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5225

reference_id

CVE-2020-5225

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5225

reference_url

https://github.com/advisories/GHSA-6gc6-m364-85ww

reference_id

GHSA-6gc6-m364-85ww

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6gc6-m364-85ww

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	532
name	Insertion of Sensitive Information into Log File
description	Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 0.1 - 4.4

Exploitability 0.5

Weighted_severity 4.0

Risk_score 2.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cd3-p3xz-k3hx

Vulnerability Instance