Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01Zmo3LWY4eDMtcTJtY80-7Q
simpleSAMLphp incorrectly handles XML encryption
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
Permalink: https://github.com/advisories/GHSA-5fj7-f8x3-q2mcJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01Zmo3LWY4eDMtcTJtY80-7Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 4 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-5fj7-f8x3-q2mc, CVE-2011-4625
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4625
- https://security-tracker.debian.org/tracker/CVE-2011-4625
- https://github.com/simplesamlphp/simplesamlphp/blob/b3059c51a915910c6631fb2ee597c0fb6ad9162b/docs/simplesamlphp-changelog-1.x.md?plain=1#L1624
- https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202330-1
- https://www.mageni.net/vulnerability/debian-security-advisory-dsa-2330-1-simplesamlphp-70545
- https://github.com/advisories/GHSA-5fj7-f8x3-q2mc
Blast Radius: 18.8
Affected Packages
packagist:simplesamlphp/simplesamlphp
Dependent packages: 163Dependent repositories: 318
Downloads: 8,356,560 total
Affected Version Ranges: < 1.8.1
Fixed in: 1.8.1
All affected versions:
All unaffected versions: 1.12.0, 1.13.0, 1.13.1, 1.13.2, 1.14.0, 1.14.1, 1.14.2, 1.14.3, 1.14.4, 1.14.5, 1.14.6, 1.14.7, 1.14.8, 1.14.9, 1.14.10, 1.14.11, 1.14.12, 1.14.13, 1.14.14, 1.14.15, 1.14.16, 1.14.17, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.15.4, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.17.0, 1.17.1, 1.17.2, 1.17.3, 1.17.4, 1.17.5, 1.17.6, 1.17.7, 1.17.8, 1.18.0, 1.18.1, 1.18.2, 1.18.3, 1.18.4, 1.18.5, 1.18.6, 1.18.7, 1.18.8, 1.18.9, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.19.6, 1.19.7, 1.19.8, 1.19.9, 2.0.0, 2.0.1, 2.0.2, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.0, 2.2.1, 2.2.2, 99.99.99