Simplesamlphp Saml2
6 CVEs affecting Simplesamlphp Saml2. Latest disclosed: 2025-03-11. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-9814 | Critical | 9.1 | 2017-02-17 | The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2… |
| CVE-2025-27773 | High | 8.6 | 2025-03-11 | The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion a… |
| CVE-2024-52806 | High | 8.3 | 2024-12-02 | SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's poss… |
| CVE-2018-7711 | High | 8.1 | 2018-03-05 | HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an… |
| CVE-2018-6519 | High | 7.5 | 2018-02-02 | The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-… |
| CVE-2023-49087 | Medium | 6.8 | 2023-11-30 | xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the relate… |