VulnerableCode Package Details - pkg:composer/simplesamlphp/xml-security@1.10.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-vjvj-dtk2-fucr Aliases: CVE-2026-32600 GHSA-r353-4845-pr5p	xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9.	1.13.9 Affected by 0 other vulnerabilities. 2.3.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-vjvj-dtk2-fucr
Aliases:
CVE-2026-32600
GHSA-r353-4845-pr5p

xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9.

1.13.9
Affected by 0 other vulnerabilities.

2.3.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4ghf-nbrc-m7e2	SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.	CVE-2024-52806 GHSA-pxm4-r5ph-q2m2
VCID-8qrc-1cx7-zuac	SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.	CVE-2024-52596 GHSA-2x65-fpch-2fcm

Vulnerability

Summary

Aliases

VCID-4ghf-nbrc-m7e2

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.

CVE-2024-52806
GHSA-pxm4-r5ph-q2m2

VCID-8qrc-1cx7-zuac

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.

CVE-2024-52596
GHSA-2x65-fpch-2fcm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T21:28:53.004777+00:00	GitLab Importer	Affected by	VCID-vjvj-dtk2-fucr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/xml-security/CVE-2026-32600.yml	38.6.0
2026-06-12T19:47:44.468617+00:00	GitLab Importer	Fixing	VCID-8qrc-1cx7-zuac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/xml-security/CVE-2024-52596.yml	38.6.0
2026-06-12T19:47:37.256099+00:00	GitLab Importer	Fixing	VCID-4ghf-nbrc-m7e2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/xml-security/CVE-2024-52806.yml	38.6.0