Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/55048?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55048?format=api", "vulnerability_id": "VCID-ugw3-xgan-k3fm", "summary": "Duplicate Advisory: SimpleSAMLphp signature validation bypass\nA signature validation bypass issue has been found in the `SimpleSAML_XML_Validator` class. This class performs the verification of the XML digital signature of a SAML 1 message with a given key.\n\nWhen a SAML 1 authentication response message is received, it is processed to verify its authenticity, including a check for the signature or signatures included in the message. If the message is not signed but the assertions contained in it are, the signatures of those assertions signed will be verified. Unsigned assertions will not be verified. After verifying every signed element in the response, a list of valid nodes is built, holding the DOM nodes of those XML elements that are signed and whose signatures have been successfully verified.\n\nOnce this list is built, the assertions need to be processed individually. They are not processed until the getAttributes() method of the SimpleSAML_XML_Shib13_AuthnResponse class is called. This method iterates through the list of assertions contained in the response and makes sure they were validated in the previous signature verification step, by checking if their corresponding DOM nodes are in the list of those verified.\n\nThe vulnerability is due to lax comparison of the node being checked and the nodes in the verified list. The isNodeValidated() method of the SimpleSAML_XML_Validator class checks if a given DOM node is in the validNodes array by means of the standard in_array() function. This function, however, will return unexpected results due to the default lax behaviour when checking data types in PHP. In this case, the fact that there is a DOM node in the list is enough for in_array() to return true when looking for any DOM node. This means any unsigned assertion will be considered verified if there is at least one assertion with a valid signature in the message being processed.\n\nThis issue allows an attacker to generate a SAML 1 authentication response that contains two different assertions. The first assertion is the one the attacker wants the Service Provider to use, with custom attributes, expiration and even entityID (provided that the given entityID belongs to an Identity Provider that the Service Provider knows and trusts). The second is a legitimate assertion issued and signed by an Identity Provider trusted by the Service Provider. If the second assertion is still valid when sent by the attacker, SimpleSAMLphp will merge all the attributes found in both assertions, but the entityID registered for the authenticating third-party will be the one found in the first, tampered assertion. If the second (legitimate) assertion is already expired when the attacker sends it, only the attributes found in the tampered assertion will be used.\n\nThe issue can be easily fixed by passing a third parameter to the in_array() function, telling it to perform strict comparisons when checking if an object is found inside a given array. This way, when the code evaluates if the tampered assertion is included in the list of verified assertions, it fails and only the legitimate assertion is used, if possible (e.g. it is not expired).", "aliases": [ { "alias": "GHSA-fjr2-r2mp-484p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54606?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.17" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54605?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2etk-v7gt-pqhn" }, { "vulnerability": "VCID-3d8m-wtww-2yah" }, { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-j3sv-ccme-rbdn" }, { "vulnerability": "VCID-jv7n-m3cf-jfex" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/204217?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.13.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2etk-v7gt-pqhn" }, { "vulnerability": "VCID-3d8m-wtww-2yah" }, { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-j3sv-ccme-rbdn" }, { "vulnerability": "VCID-jv7n-m3cf-jfex" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.13.0-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/204218?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.13.0-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2etk-v7gt-pqhn" }, { "vulnerability": "VCID-3d8m-wtww-2yah" }, { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-j3sv-ccme-rbdn" }, { "vulnerability": "VCID-jv7n-m3cf-jfex" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.13.0-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/204219?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2etk-v7gt-pqhn" }, { "vulnerability": "VCID-3d8m-wtww-2yah" }, { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-j3sv-ccme-rbdn" }, { "vulnerability": "VCID-jv7n-m3cf-jfex" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.13.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/204220?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2etk-v7gt-pqhn" }, { "vulnerability": "VCID-3d8m-wtww-2yah" }, { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-j3sv-ccme-rbdn" }, { "vulnerability": "VCID-jv7n-m3cf-jfex" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.13.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/204221?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.13.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2etk-v7gt-pqhn" }, { "vulnerability": "VCID-3d8m-wtww-2yah" }, { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-j3sv-ccme-rbdn" }, { "vulnerability": "VCID-jv7n-m3cf-jfex" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.13.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/204222?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2etk-v7gt-pqhn" }, { "vulnerability": "VCID-3d8m-wtww-2yah" }, { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-j3sv-ccme-rbdn" }, { "vulnerability": "VCID-jv7n-m3cf-jfex" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.0-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54044?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2etk-v7gt-pqhn" }, { "vulnerability": "VCID-3d8m-wtww-2yah" }, { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-j3sv-ccme-rbdn" }, { "vulnerability": "VCID-jv7n-m3cf-jfex" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53258?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2etk-v7gt-pqhn" }, { "vulnerability": "VCID-3d8m-wtww-2yah" }, { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-j3sv-ccme-rbdn" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/204223?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2etk-v7gt-pqhn" }, { "vulnerability": "VCID-3d8m-wtww-2yah" }, { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-j3sv-ccme-rbdn" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/204224?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2etk-v7gt-pqhn" }, { "vulnerability": "VCID-3d8m-wtww-2yah" }, { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-j3sv-ccme-rbdn" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52749?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/208870?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/208871?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/208872?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/208873?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/208874?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/54041?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-b3fn-bnh5-qyg4" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-d1d1-jng1-4fe6" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/53290?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-dgs2-3xbu-c3ff" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-k5d6-k216-8ub8" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/54042?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-dvwj-zd42-nbhe" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/54043?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-va8h-3qxg-uqh2" }, { "vulnerability": "VCID-yn8q-d76k-q3h2" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/54012?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-gwtm-bdae-3ufj" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/54013?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-pskx-9d46-bfdt" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/54985?format=api", "purl": "pkg:composer/simplesamlphp/simplesamlphp@1.14.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4gux-4jrc-w7ce" }, { "vulnerability": "VCID-6fwf-1xps-t7g5" }, { "vulnerability": "VCID-96db-3jav-tkay" }, { "vulnerability": "VCID-cmqz-hp34-8kcx" }, { "vulnerability": "VCID-d1cm-xhdp-8qhv" }, { "vulnerability": "VCID-hhq1-kxga-87ea" }, { "vulnerability": "VCID-mfwu-mfhq-fkh8" }, { "vulnerability": "VCID-ugw3-xgan-k3fm" }, { "vulnerability": "VCID-ywuy-my3f-x7cd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.16" } ], "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/201710-01.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/201710-01.yaml" }, { "reference_url": "https://github.com/simplesamlphp/simplesamlphp", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplesamlphp/simplesamlphp" }, { "reference_url": "https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca" }, { "reference_url": "https://simplesamlphp.org/security/201710-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://simplesamlphp.org/security/201710-01" }, { "reference_url": "https://github.com/advisories/GHSA-fjr2-r2mp-484p", "reference_id": "GHSA-fjr2-r2mp-484p", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fjr2-r2mp-484p" } ], "weaknesses": [ { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": "0.5", "weighted_severity": "9.0", "risk_score": 4.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugw3-xgan-k3fm" }