VulnerableCode Package Details - pkg:composer/simplesamlphp/simplesamlphp@1.18.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/simplesamlphp/simplesamlphp@1.18.1

Essentials
History (4)

purl	pkg:composer/simplesamlphp/simplesamlphp@1.18.1

Next non-vulnerable version	2.0.15
Latest non-vulnerable version	2.3.4
Risk	4.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-hqfj-cd75-nkfa Aliases: GHSA-j5g2-q29x-cw3h	SimpleSAMLphp vulnerable to XXE in parsing SAML messages ## Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid. ## Original Description # Summary When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. ## Mitigation: Remove the `LIBXML_DTDLOAD \| LIBXML_DTDATTR` options from `$options` is in: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 ## Background / details To be published on Dec 8th	2.0.15 Affected by 0 other vulnerabilities. 2.1.0-rc1 Affected by 0 other vulnerabilities. 2.1.7 Affected by 0 other vulnerabilities. 2.2.4 Affected by 0 other vulnerabilities. 2.3.4 Affected by 0 other vulnerabilities.
VCID-mt8a-t14t-fycw Aliases: CVE-2020-5301 GHSA-24m3-w8g9-jwpq	Information disclosure of source code in SimpleSAMLphp	1.18.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-uuud-qxr7-4qhh Aliases: CVE-2020-5225 GHSA-6gc6-m364-85ww	Log injection in SimpleSAMLphp	1.18.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vxbq-9k5c-4uf5 Aliases: CVE-2020-5226 GHSA-mj9p-v2r8-wf8w	Cross-site scripting in SimpleSAMLphp	1.18.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:47:38.318954+00:00	GitLab Importer	Affected by	VCID-hqfj-cd75-nkfa	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/GHSA-j5g2-q29x-cw3h.yml	38.6.0
2026-06-12T17:20:01.209810+00:00	GitLab Importer	Affected by	VCID-mt8a-t14t-fycw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/CVE-2020-5301.yml	38.6.0
2026-06-12T17:17:07.802935+00:00	GitLab Importer	Affected by	VCID-uuud-qxr7-4qhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/CVE-2020-5225.yml	38.6.0
2026-06-12T17:17:07.650582+00:00	GitLab Importer	Affected by	VCID-vxbq-9k5c-4uf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/CVE-2020-5226.yml	38.6.0