VYPR

Packagist (Composer) package

simplesamlphp/saml2-legacy

pkg:composer/simplesamlphp/saml2-legacy

Vulnerabilities (2)

  • CVE-2025-27773 | High | Mar 11, 2025
    affected < 4.17.0, fixed 4.17.0

    The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the a

  • CVE-2024-52806 | High | Dec 2, 2024
    affected < 4.6.14, fixed 4.6.14

    SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.