VulnerableCode Package Details - pkg:composer/simplesamlphp/saml2@3.2.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-4ghf-nbrc-m7e2 Aliases: CVE-2024-52806 GHSA-pxm4-r5ph-q2m2	SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.	4.6.14 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-8qrc-1cx7-zuac Aliases: CVE-2024-52596 GHSA-2x65-fpch-2fcm	SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.	4.6.14 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-fqhw-vnhk-j7fu Aliases: CVE-2025-27773 GHSA-46r4-f8gj-xg56	The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.	4.17.0 Affected by 0 other vulnerabilities. 5.0.0-alpha.20 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4ghf-nbrc-m7e2
Aliases:
CVE-2024-52806
GHSA-pxm4-r5ph-q2m2

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.

4.6.14
Affected by 1 other vulnerability.

VCID-8qrc-1cx7-zuac
Aliases:
CVE-2024-52596
GHSA-2x65-fpch-2fcm

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.

4.6.14
Affected by 1 other vulnerability.

VCID-fqhw-vnhk-j7fu
Aliases:
CVE-2025-27773
GHSA-46r4-f8gj-xg56

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.

4.17.0
Affected by 0 other vulnerabilities.

5.0.0-alpha.20
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:54:33.213326+00:00	GitLab Importer	Affected by	VCID-fqhw-vnhk-j7fu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/saml2/CVE-2025-27773.yml	38.6.0
2026-06-12T19:47:42.749231+00:00	GitLab Importer	Affected by	VCID-8qrc-1cx7-zuac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/saml2/CVE-2024-52596.yml	38.6.0
2026-06-12T19:47:35.187621+00:00	GitLab Importer	Affected by	VCID-4ghf-nbrc-m7e2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/saml2/CVE-2024-52806.yml	38.6.0