Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/simplesamlphp/saml2@3.1.2

Type composer

Namespace simplesamlphp

Name saml2

Version 3.1.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.17.0

Latest_non_vulnerable_version 4.17.0

Affected_by_vulnerabilities

url VCID-6c55-4pyx-ckbx

vulnerability_id VCID-6c55-4pyx-ckbx

summary

The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message.

I believe that it exists for v4 only. I have not yet developed a PoC.

V5 is well designed and instead builds the signed query from the same message that will be consumed.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27773

reference_id

reference_type

scores

value	0.00157
scoring_system	epss
scoring_elements	0.36226
published_at	2026-06-07T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36263
published_at	2026-06-06T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36254
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27773
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27773

reference_url

https://github.com/simplesamlphp/saml2

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/simplesamlphp/saml2

reference_url

https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/

url

https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113

reference_url

https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/

url

https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217

reference_url

https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/

url

https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0

reference_url

https://lists.debian.org/debian-lts-announce/2025/05/msg00013.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/05/msg00013.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100595
reference_id	1100595
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100595

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-27773

reference_id

CVE-2025-27773

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-27773

reference_url	https://github.com/advisories/GHSA-46r4-f8gj-xg56
reference_id	GHSA-46r4-f8gj-xg56
reference_type
scores
url	https://github.com/advisories/GHSA-46r4-f8gj-xg56

reference_url

https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56

reference_id

GHSA-46r4-f8gj-xg56

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-11T19:26:31Z/

url

https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56

fixed_packages

url	pkg:composer/simplesamlphp/saml2@4.17.0
purl	pkg:composer/simplesamlphp/saml2@4.17.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@4.17.0

url	pkg:composer/simplesamlphp/saml2@5.0.0-alpha.20
purl	pkg:composer/simplesamlphp/saml2@5.0.0-alpha.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@5.0.0-alpha.20

aliases CVE-2025-27773, GHSA-46r4-f8gj-xg56

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6c55-4pyx-ckbx

url VCID-8b8r-g7e2-qfb2

vulnerability_id VCID-8b8r-g7e2-qfb2

summary

SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Summary

When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52806

reference_id

reference_type

scores

value	0.00183
scoring_system	epss
scoring_elements	0.3982
published_at	2026-06-07T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.39846
published_at	2026-06-06T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.39843
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52806

reference_url

https://github.com/simplesamlphp/saml2

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/simplesamlphp/saml2

reference_url

https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T19:10:45Z/

url

https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
reference_id	1088904
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52806

reference_id

CVE-2024-52806

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52806

reference_url	https://github.com/advisories/GHSA-pxm4-r5ph-q2m2
reference_id	GHSA-pxm4-r5ph-q2m2
reference_type
scores
url	https://github.com/advisories/GHSA-pxm4-r5ph-q2m2

reference_url

https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2

reference_id

GHSA-pxm4-r5ph-q2m2

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T19:10:45Z/

url

https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2

fixed_packages

url pkg:composer/simplesamlphp/saml2@4.6.14

purl pkg:composer/simplesamlphp/saml2@4.6.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6c55-4pyx-ckbx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@4.6.14

aliases CVE-2024-52806, GHSA-pxm4-r5ph-q2m2

risk_score 3.8

exploitability 0.5

weighted_severity 7.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8b8r-g7e2-qfb2

url VCID-ma9b-k5br-ffhd

vulnerability_id VCID-ma9b-k5br-ffhd

summary

SimpleSAMLphp xml-common XXE vulnerability
When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52596

reference_id

reference_type

scores

value	0.00218
scoring_system	epss
scoring_elements	0.44516
published_at	2026-06-07T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44538
published_at	2026-06-06T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44529
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52596

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52596
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52596

reference_url

https://github.com/simplesamlphp/xml-common

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/simplesamlphp/xml-common

reference_url

https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T18:32:34Z/

url

https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5

reference_url

https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904
reference_id	1088904
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088904

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52596

reference_id

CVE-2024-52596

reference_type

scores

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52596

reference_url	https://github.com/advisories/GHSA-2x65-fpch-2fcm
reference_id	GHSA-2x65-fpch-2fcm
reference_type
scores
url	https://github.com/advisories/GHSA-2x65-fpch-2fcm

reference_url

https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm

reference_id

GHSA-2x65-fpch-2fcm

reference_type

scores

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T18:32:34Z/

url

https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm

fixed_packages

url pkg:composer/simplesamlphp/saml2@4.6.14

purl pkg:composer/simplesamlphp/saml2@4.6.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6c55-4pyx-ckbx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@4.6.14

aliases CVE-2024-52596, GHSA-2x65-fpch-2fcm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ma9b-k5br-ffhd

url VCID-wbt9-snjj-uuea

vulnerability_id VCID-wbt9-snjj-uuea

summary

Improper signature validation
The `XmlSecLibs` library as used in the saml2 library in SimpleSAMLphp incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7644

reference_id

reference_type

scores

value	0.00213
scoring_system	epss
scoring_elements	0.4391
published_at	2026-06-06T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43885
published_at	2026-06-07T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43832
published_at	2026-06-04T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43902
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7644

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12869

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12873

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12874

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18121

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7644

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7644.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7644.yaml

reference_url

https://github.com/simplesamlphp/simplesamlphp

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/simplesamlphp/simplesamlphp

reference_url

https://simplesamlphp.org/security/201802-01

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://simplesamlphp.org/security/201802-01

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7644

reference_id

CVE-2018-7644

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7644

fixed_packages

url pkg:composer/simplesamlphp/saml2@3.1.3

purl pkg:composer/simplesamlphp/saml2@3.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6c55-4pyx-ckbx

vulnerability	VCID-8b8r-g7e2-qfb2

vulnerability	VCID-ma9b-k5br-ffhd

vulnerability	VCID-xx6m-pvgs-puga

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.1.3

aliases CVE-2018-7644, GHSA-923w-2xv2-7pr8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbt9-snjj-uuea

url VCID-xx6m-pvgs-puga

vulnerability_id VCID-xx6m-pvgs-puga

summary

Incorrect signature validation
An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7711

reference_id

reference_type

scores

value	0.0032
scoring_system	epss
scoring_elements	0.55317
published_at	2026-06-04T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55367
published_at	2026-06-07T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55378
published_at	2026-06-06T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55374
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7711

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7711
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7711

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7711.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7711.yaml

reference_url

https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d

reference_url

https://lists.debian.org/debian-lts-announce/2018/03/msg00017.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/03/msg00017.html

reference_url

https://simplesamlphp.org/security/201803-01

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://simplesamlphp.org/security/201803-01

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7711

reference_id

CVE-2018-7711

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7711

fixed_packages

url pkg:composer/simplesamlphp/saml2@3.1.4

purl pkg:composer/simplesamlphp/saml2@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6c55-4pyx-ckbx

vulnerability	VCID-8b8r-g7e2-qfb2

vulnerability	VCID-ma9b-k5br-ffhd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.1.4

aliases CVE-2018-7711, GHSA-g888-g2pp-82hf

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xx6m-pvgs-puga

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/saml2@3.1.2

Package Instance