simplesamlphp/simplesamlphp vulnerabilities

License

Known vulnerabilities in the simplesamlphp/simplesamlphp package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
H XML External Entity (XXE) Injection	<2.0.15>=2.1.0, <2.1.7>=2.2.0, <2.2.4>=2.3.0, <2.3.4
M Inadequate Encryption Strength	>=1.14.0, <1.14.12
L Information Exposure	<1.18.6
M Log Injection	<1.18.4
M Cross-site Scripting (XSS)	>=1.18.0, <1.18.4
L Information Exposure	>=1.17.0, <1.17.8
M Cross-site Scripting (XSS)	>=1.12.0, <1.17.3
L Information Exposure	>=1.16.0, <1.16.3
H Signature Validation Bypass	<1.14.17
H Security Bypass	<1.14.17
C Information Exposure	>=1.7.0, <1.14.11
C Authentication Bypass	<1.14.14
H Authentication Bypass	<1.14.14
C Authentication Bypass	<1.15.2
M Open Redirect	<1.15.2
M Information Exposure	<1.14.13
M Cross-site Scripting (XSS)	<1.14.16
M Invalid Token Creation and Validation	<1.14.15
M Insecure Randomness	>=1.14.0, <1.14.12
L TLS Timing Attack	<1.14.12
M Incorrect Signature Verification	<1.14.11
L Link Injection	<1.14.4
M Information Exposure	<1.14.1