Today > | 16 High | 14 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-52596

Dec. 2, 2024, 5:15 p.m.

Tags

security-advisories@github.com
CWE-611
2024-12-02
CVE-2024-52596

Product(s) Impacted

SimpleSAMLphp

  • 1.19.0

Description

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.

Weaknesses

CWE-611
Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CWE ID: 611

Date

Published: Dec. 2, 2024, 5:15 p.m.

Last Modified: Dec. 2, 2024, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

References

https://github.com/ security-advisories@github.com
https://github.com/ security-advisories@github.com
https://lists.debian.org/ af854a3a-2127-422b-91ae-364da2661108