Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Vulnerability Description
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
SimpleSAMLphp 安全漏洞
Vulnerability Description
SimpleSAMLphp是一款实现了SAML 2.0服务提供者和标识提供者功能的PHP身份验证应用程序。 SimpleSAMLphp存在安全漏洞,该漏洞源于加载不受信任的XML文档时,会诱导XML外部实体注入。
CVSS Information
N/A
Vulnerability Type
N/A