simplesamlphp/simplesamlphp vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the simplesamlphp/simplesamlphp package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H XML External Entity (XXE) Injection	<2.0.15>=2.1.0, <2.1.7>=2.2.0, <2.2.4>=2.3.0, <2.3.4
M Inadequate Encryption Strength	>=1.14.0, <1.14.12
L Information Exposure	<1.18.6
M Log Injection	<1.18.4
M Cross-site Scripting (XSS)	>=1.18.0, <1.18.4
L Information Exposure	>=1.17.0, <1.17.8
M Cross-site Scripting (XSS)	>=1.12.0, <1.17.3
L Information Exposure	>=1.16.0, <1.16.3
H Signature Validation Bypass	<1.14.17
H Security Bypass	<1.14.17
C Information Exposure	>=1.7.0, <1.14.11
C Authentication Bypass	<1.14.14
H Authentication Bypass	<1.14.14
C Authentication Bypass	<1.15.2
M Open Redirect	<1.15.2
M Information Exposure	<1.14.13
M Cross-site Scripting (XSS)	<1.14.16
M Invalid Token Creation and Validation	<1.14.15
M Insecure Randomness	>=1.14.0, <1.14.12
L TLS Timing Attack	<1.14.12
M Incorrect Signature Verification	<1.14.11
L Link Injection	<1.14.4
M Information Exposure	<1.14.1