Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/simplesamlphp/simplesamlphp@1.17.0-rc2
Typecomposer
Namespacesimplesamlphp
Namesimplesamlphp
Version1.17.0-rc2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.15
Latest_non_vulnerable_version2.3.4
Affected_by_vulnerabilities
0
url VCID-hqfj-cd75-nkfa
vulnerability_id VCID-hqfj-cd75-nkfa
summary 
SimpleSAMLphp vulnerable to XXE in parsing SAML messages
## Withdrawn Advisory
This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid.

## Original Description

# Summary
When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE.

## Mitigation:

Remove the `LIBXML_DTDLOAD | LIBXML_DTDATTR` options from `$options` is in: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41

## Background / details

To be published on Dec 8th
references
0
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
1
reference_url https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-j5g2-q29x-cw3h
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-j5g2-q29x-cw3h
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52596
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52596
3
reference_url https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm
reference_id GHSA-2x65-fpch-2fcm
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm
4
reference_url https://github.com/advisories/GHSA-j5g2-q29x-cw3h
reference_id GHSA-j5g2-q29x-cw3h
reference_type
scores
url https://github.com/advisories/GHSA-j5g2-q29x-cw3h
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@2.0.15
purl pkg:composer/simplesamlphp/simplesamlphp@2.0.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@2.0.15
1
url pkg:composer/simplesamlphp/simplesamlphp@2.1.0-rc1
purl pkg:composer/simplesamlphp/simplesamlphp@2.1.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@2.1.0-rc1
2
url pkg:composer/simplesamlphp/simplesamlphp@2.1.7
purl pkg:composer/simplesamlphp/simplesamlphp@2.1.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@2.1.7
3
url pkg:composer/simplesamlphp/simplesamlphp@2.2.4
purl pkg:composer/simplesamlphp/simplesamlphp@2.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@2.2.4
4
url pkg:composer/simplesamlphp/simplesamlphp@2.3.4
purl pkg:composer/simplesamlphp/simplesamlphp@2.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@2.3.4
aliases GHSA-j5g2-q29x-cw3h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqfj-cd75-nkfa
1
url VCID-mt8a-t14t-fycw
vulnerability_id VCID-mt8a-t14t-fycw
summary Information disclosure of source code in SimpleSAMLphp
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5301
reference_id
reference_type
scores
0
value 0.00142
scoring_system epss
scoring_elements 0.34172
published_at 2026-06-11T12:55:00Z
1
value 0.00142
scoring_system epss
scoring_elements 0.3435
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5301
1
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
2
reference_url https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e
3
reference_url https://simplesamlphp.org/security/202004-01
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/202004-01
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5301
reference_id CVE-2020-5301
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5301
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2020-5301.yaml
reference_id CVE-2020-5301.YAML
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2020-5301.yaml
6
reference_url https://github.com/advisories/GHSA-24m3-w8g9-jwpq
reference_id GHSA-24m3-w8g9-jwpq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-24m3-w8g9-jwpq
7
reference_url https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq
reference_id GHSA-24m3-w8g9-jwpq
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.18.6
purl pkg:composer/simplesamlphp/simplesamlphp@1.18.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hqfj-cd75-nkfa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.18.6
aliases CVE-2020-5301, GHSA-24m3-w8g9-jwpq
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mt8a-t14t-fycw
2
url VCID-npe5-1a82-bbh2
vulnerability_id VCID-npe5-1a82-bbh2
summary SimpleSAMLphp Reflected Cross-site Scripting vulnerability
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/2019-07-10.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/2019-07-10.yaml
1
reference_url https://github.com/simplesamlphp/simplesamlphp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp
2
reference_url https://github.com/simplesamlphp/simplesamlphp/commit/ce2294e092b3be7db2fc4e18e774b791d4564ff3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/simplesamlphp/simplesamlphp/commit/ce2294e092b3be7db2fc4e18e774b791d4564ff3
3
reference_url https://simplesamlphp.org/security/201907-01
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://simplesamlphp.org/security/201907-01
4
reference_url https://github.com/advisories/GHSA-vpr3-cw3h-prw8
reference_id GHSA-vpr3-cw3h-prw8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vpr3-cw3h-prw8
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.17.3
purl pkg:composer/simplesamlphp/simplesamlphp@1.17.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25fq-bsgt-23d6
1
vulnerability VCID-hqfj-cd75-nkfa
2
vulnerability VCID-mt8a-t14t-fycw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.17.3
aliases GHSA-vpr3-cw3h-prw8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-npe5-1a82-bbh2
3
url VCID-pwbg-dz5n-t7fj
vulnerability_id VCID-pwbg-dz5n-t7fj
summary 
Cross-site Scripting
Reflected Cross-Site-Scripting in simplesamlphp.
references
0
reference_url https://simplesamlphp.org/security/201907-01
reference_id
reference_type
scores
url https://simplesamlphp.org/security/201907-01
fixed_packages
0
url pkg:composer/simplesamlphp/simplesamlphp@1.17.0
purl pkg:composer/simplesamlphp/simplesamlphp@1.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-25fq-bsgt-23d6
1
vulnerability VCID-hqfj-cd75-nkfa
2
vulnerability VCID-mt8a-t14t-fycw
3
vulnerability VCID-npe5-1a82-bbh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.17.0
aliases GMS-2019-149
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwbg-dz5n-t7fj
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.17.0-rc2