Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/simplesamlphp/simplesamlphp@1.19.3
purl pkg:composer/simplesamlphp/simplesamlphp@1.19.3
Next non-vulnerable version 2.0.15
Latest non-vulnerable version 2.3.4
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-hqfj-cd75-nkfa
Aliases:
GHSA-j5g2-q29x-cw3h
SimpleSAMLphp vulnerable to XXE in parsing SAML messages ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid. ## Original Description # Summary When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. ## Mitigation: Remove the `LIBXML_DTDLOAD | LIBXML_DTDATTR` options from `$options` is in: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 ## Background / details To be published on Dec 8th
2.0.15
Affected by 0 other vulnerabilities.
2.1.0-rc1
Affected by 0 other vulnerabilities.
2.1.7
Affected by 0 other vulnerabilities.
2.2.4
Affected by 0 other vulnerabilities.
2.3.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T19:47:38.344068+00:00 GitLab Importer Affected by VCID-hqfj-cd75-nkfa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/GHSA-j5g2-q29x-cw3h.yml 38.6.0