VulnerableCode Package Details - pkg:composer/simplesamlphp/simplesamlphp@1.17.0-rc2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/simplesamlphp/simplesamlphp@1.17.0-rc2

Essentials
History (4)

purl	pkg:composer/simplesamlphp/simplesamlphp@1.17.0-rc2

Next non-vulnerable version	2.0.15
Latest non-vulnerable version	2.3.4
Risk	4.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-hqfj-cd75-nkfa Aliases: GHSA-j5g2-q29x-cw3h	SimpleSAMLphp vulnerable to XXE in parsing SAML messages ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid. ## Original Description # Summary When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. ## Mitigation: Remove the `LIBXML_DTDLOAD \| LIBXML_DTDATTR` options from `$options` is in: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 ## Background / details To be published on Dec 8th	2.0.15 Affected by 0 other vulnerabilities. 2.1.0-rc1 Affected by 0 other vulnerabilities. 2.1.7 Affected by 0 other vulnerabilities. 2.2.4 Affected by 0 other vulnerabilities. 2.3.4 Affected by 0 other vulnerabilities.
VCID-mt8a-t14t-fycw Aliases: CVE-2020-5301 GHSA-24m3-w8g9-jwpq	Information disclosure of source code in SimpleSAMLphp	1.18.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-npe5-1a82-bbh2 Aliases: GHSA-vpr3-cw3h-prw8	SimpleSAMLphp Reflected Cross-site Scripting vulnerability	1.17.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-pwbg-dz5n-t7fj Aliases: GMS-2019-149	Cross-site Scripting Reflected Cross-Site-Scripting in simplesamlphp.	1.17.0 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:47:38.293342+00:00	GitLab Importer	Affected by	VCID-hqfj-cd75-nkfa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/GHSA-j5g2-q29x-cw3h.yml	38.6.0
2026-06-12T19:30:12.467157+00:00	GitLab Importer	Affected by	VCID-npe5-1a82-bbh2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/GHSA-vpr3-cw3h-prw8.yml	38.6.0
2026-06-12T17:20:01.146273+00:00	GitLab Importer	Affected by	VCID-mt8a-t14t-fycw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/CVE-2020-5301.yml	38.6.0
2026-06-12T17:12:49.044531+00:00	GitLab Importer	Affected by	VCID-pwbg-dz5n-t7fj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/GMS-2019-149.yml	38.6.0