Untrusted XML Documents Can Cause XXE Vulnerability in SimpleSAMLphp xml-common
CVE-2024-52596

Currently unrated

Key Information:

Vendor: SimplesamlPHP
Status: Xml-common
Vendor: CVE Published:; 2 December 2024

🔔 Create SimplesamlPHP Vulnerability Alert

What is CVE-2024-52596?

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.

Affected Version(s)

xml-common < 1.20.0

References

https://github.com/simplesamlphp/xml-common/security/advi...

x_refsource_CONFIRM

https://github.com/simplesamlphp/xml-common/commit/fa4ade...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 14, 2024

CVE-2024-52596 Data

JSON