VulnerableCode Package Details - pkg:composer/simplesamlphp/xml-security@1.13.9

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/simplesamlphp/xml-security@1.13.9

purl	pkg:composer/simplesamlphp/xml-security@1.13.9

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-vjvj-dtk2-fucr	xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9.	CVE-2026-32600 GHSA-r353-4845-pr5p

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:27:58.133363+00:00	GHSA Importer	Fixing	VCID-vjvj-dtk2-fucr	https://github.com/advisories/GHSA-r353-4845-pr5p	38.6.0
2026-06-12T07:50:17.769614+00:00	GithubOSV Importer	Fixing	VCID-vjvj-dtk2-fucr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-r353-4845-pr5p/GHSA-r353-4845-pr5p.json	38.6.0