{"url":"http://public2.vulnerablecode.io/api/packages/128904?format=json","purl":"pkg:deb/debian/simplesamlphp@1.15.2-1?distro=sid","type":"deb","namespace":"debian","name":"simplesamlphp","version":"1.15.2-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.15.3-1","latest_non_vulnerable_version":"1.19.7-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39369?format=json","vulnerability_id":"VCID-4gux-4jrc-w7ce","summary":"URL Redirection to Untrusted Site (Open Redirect)\n`SimpleSAMLphp` allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6520","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37218","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6520"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6520.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6520.yaml"},{"reference_url":"https://github.com/simplesamlphp/simplesamlphp","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplesamlphp/simplesamlphp"},{"reference_url":"https://github.com/simplesamlphp/simplesamlphp/issues/1473","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplesamlphp/simplesamlphp/issues/1473"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6520","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6520"},{"reference_url":"https://simplesamlphp.org/security/201801-02","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://simplesamlphp.org/security/201801-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/128904?format=json","purl":"pkg:deb/debian/simplesamlphp@1.15.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.15.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/128895?format=json","purl":"pkg:deb/debian/simplesamlphp@1.19.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/128893?format=json","purl":"pkg:deb/debian/simplesamlphp@1.19.7-1%2Bdeb12u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.7-1%252Bdeb12u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/128896?format=json","purl":"pkg:deb/debian/simplesamlphp@1.19.7-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.7-2%3Fdistro=sid"}],"aliases":["CVE-2018-6520","GHSA-2qfc-48v5-4w5h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gux-4jrc-w7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39371?format=json","vulnerability_id":"VCID-ucwf-xdma-h7fc","summary":"Injection Vulnerability\nThe SAML2 library in `SimpleSAMLphp` has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6519","reference_id":"","reference_type":"","scores":[{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64799","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-6519.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-6519.yaml"},{"reference_url":"https://github.com/simplesamlphp/simplesamlphp","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplesamlphp/simplesamlphp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6519","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6519"},{"reference_url":"https://simplesamlphp.org/security/201801-01","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://simplesamlphp.org/security/201801-01"},{"reference_url":"https://www.debian.org/security/2018/dsa-4127","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4127"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/128904?format=json","purl":"pkg:deb/debian/simplesamlphp@1.15.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.15.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/128895?format=json","purl":"pkg:deb/debian/simplesamlphp@1.19.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/128893?format=json","purl":"pkg:deb/debian/simplesamlphp@1.19.7-1%2Bdeb12u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.7-1%252Bdeb12u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/128896?format=json","purl":"pkg:deb/debian/simplesamlphp@1.19.7-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.7-2%3Fdistro=sid"}],"aliases":["CVE-2018-6519","GHSA-hhm8-2j4g-mpgg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ucwf-xdma-h7fc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39368?format=json","vulnerability_id":"VCID-ywuy-my3f-x7cd","summary":"Security Misconfigurations\nThe sqlauth module in `SimpleSAMLphp` relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6521","reference_id":"","reference_type":"","scores":[{"value":"0.00585","scoring_system":"epss","scoring_elements":"0.69429","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6521"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6521.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2018-6521.yaml"},{"reference_url":"https://github.com/simplesamlphp/simplesamlphp","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/simplesamlphp/simplesamlphp"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6521","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6521"},{"reference_url":"https://simplesamlphp.org/security/201801-03","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://simplesamlphp.org/security/201801-03"},{"reference_url":"https://www.debian.org/security/2018/dsa-4127","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4127"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/128904?format=json","purl":"pkg:deb/debian/simplesamlphp@1.15.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.15.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/128895?format=json","purl":"pkg:deb/debian/simplesamlphp@1.19.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/128893?format=json","purl":"pkg:deb/debian/simplesamlphp@1.19.7-1%2Bdeb12u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.7-1%252Bdeb12u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/128896?format=json","purl":"pkg:deb/debian/simplesamlphp@1.19.7-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.19.7-2%3Fdistro=sid"}],"aliases":["CVE-2018-6521","GHSA-qv5p-6wrc-79wg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywuy-my3f-x7cd"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/simplesamlphp@1.15.2-1%3Fdistro=sid"}