VulnerableCode Package Details - pkg:composer/simplesamlphp/xml-security@0.2.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-4ghf-nbrc-m7e2 Aliases: CVE-2024-52806 GHSA-pxm4-r5ph-q2m2	SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.	1.10.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-8qrc-1cx7-zuac Aliases: CVE-2024-52596 GHSA-2x65-fpch-2fcm	SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.	1.10.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-vjvj-dtk2-fucr Aliases: CVE-2026-32600 GHSA-r353-4845-pr5p	xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9.	1.13.9 Affected by 0 other vulnerabilities. 2.3.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4ghf-nbrc-m7e2
Aliases:
CVE-2024-52806
GHSA-pxm4-r5ph-q2m2

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.

1.10.0
Affected by 1 other vulnerability.

VCID-8qrc-1cx7-zuac
Aliases:
CVE-2024-52596
GHSA-2x65-fpch-2fcm

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.

1.10.0
Affected by 1 other vulnerability.

VCID-vjvj-dtk2-fucr
Aliases:
CVE-2026-32600
GHSA-r353-4845-pr5p

xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9.

1.13.9
Affected by 0 other vulnerabilities.

2.3.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T21:28:52.635500+00:00	GitLab Importer	Affected by	VCID-vjvj-dtk2-fucr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/xml-security/CVE-2026-32600.yml	38.6.0
2026-06-12T19:47:44.315587+00:00	GitLab Importer	Affected by	VCID-8qrc-1cx7-zuac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/xml-security/CVE-2024-52596.yml	38.6.0
2026-06-12T19:47:37.070155+00:00	GitLab Importer	Affected by	VCID-4ghf-nbrc-m7e2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/xml-security/CVE-2024-52806.yml	38.6.0