VulnerableCode Package Details - pkg:composer/simplesamlphp/saml2@3.1.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-4ghf-nbrc-m7e2 Aliases: CVE-2024-52806 GHSA-pxm4-r5ph-q2m2	SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.	4.6.14 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-8qrc-1cx7-zuac Aliases: CVE-2024-52596 GHSA-2x65-fpch-2fcm	SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.	4.6.14 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-fqhw-vnhk-j7fu Aliases: CVE-2025-27773 GHSA-46r4-f8gj-xg56	The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.	4.17.0 Affected by 0 other vulnerabilities. 5.0.0-alpha.20 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4ghf-nbrc-m7e2
Aliases:
CVE-2024-52806
GHSA-pxm4-r5ph-q2m2

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.

4.6.14
Affected by 1 other vulnerability.

VCID-8qrc-1cx7-zuac
Aliases:
CVE-2024-52596
GHSA-2x65-fpch-2fcm

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.

4.6.14
Affected by 1 other vulnerability.

VCID-fqhw-vnhk-j7fu
Aliases:
CVE-2025-27773
GHSA-46r4-f8gj-xg56

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.

4.17.0
Affected by 0 other vulnerabilities.

5.0.0-alpha.20
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-r99h-renx-4bd1	HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value.	CVE-2018-7711 GHSA-g888-g2pp-82hf

Vulnerability

Summary

Aliases

VCID-r99h-renx-4bd1

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value.

CVE-2018-7711
GHSA-g888-g2pp-82hf

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-14T00:57:11.861735+00:00	GHSA Importer	Fixing	VCID-r99h-renx-4bd1	https://github.com/advisories/GHSA-g888-g2pp-82hf	38.6.0
2026-06-12T19:54:33.188282+00:00	GitLab Importer	Affected by	VCID-fqhw-vnhk-j7fu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/saml2/CVE-2025-27773.yml	38.6.0
2026-06-12T19:47:42.738937+00:00	GitLab Importer	Affected by	VCID-8qrc-1cx7-zuac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/saml2/CVE-2024-52596.yml	38.6.0
2026-06-12T19:47:35.173925+00:00	GitLab Importer	Affected by	VCID-4ghf-nbrc-m7e2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/saml2/CVE-2024-52806.yml	38.6.0
2026-06-12T15:40:23.551452+00:00	GitLab Importer	Fixing	VCID-r99h-renx-4bd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/saml2/CVE-2018-7711.yml	38.6.0
2026-06-12T08:22:33.360821+00:00	GithubOSV Importer	Fixing	VCID-r99h-renx-4bd1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g888-g2pp-82hf/GHSA-g888-g2pp-82hf.json	38.6.0