High severity · OSV Advisory · Published Dec 2, 2024 · Updated Apr 15, 2026
CVE-2024-52596
Description
SimpleSAMLphp xml-common is a set of common classes for handling XML structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| simplesamlphp/xml-common (Packagist) | < 1.20.0 | 1.20.0 |
Affected products
- Range: 0.8.11, 0.8.12, v0.1.0, …
References
- github.com/advisories/GHSA-2x65-fpch-2fcm (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-52596 (ghsa, ADVISORY)
- github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5 (nvd, WEB)
- github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm (nvd, WEB)
- lists.debian.org/debian-lts-announce/2024/12/msg00001.html (nvd, WEB)