simplesamlphp/saml2 Security Advisories for v2.3.7 (3)
-
[HIGH] The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
PKSA-rxdv-j1j4-96fj CVE-2025-27773 GHSA-46r4-f8gj-xg56
Affected version: <=4.16.15|>=5.0.0-alpha.1,<=5.0.0-alpha.19
Reported by:
GitHub -
[MEDIUM] SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
PKSA-1983-c8jn-trgm CVE-2024-52806 GHSA-pxm4-r5ph-q2m2
Affected version: <4.6.14
Reported by:
GitHub -
[HIGH] Incorrect signature validation
PKSA-vs15-drx5-pxpz CVE-2018-7711 GHSA-g888-g2pp-82hf
Affected version: <1.10.6|>=2.0,<2.3.8|>=3.0,<3.1.4
Reported by:
GitHub, FriendsOfPHP/security-advisories