{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52806", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-11-15T17:11:13.442Z", "datePublished": "2024-12-02T16:18:43.485Z", "dateUpdated": "2024-12-02T19:12:33.197Z"}, "containers": {"cna": {"title": "SimpleSAMLphp SAML2 has an XXE in parsing SAML messages", "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "lang": "en", "description": "CWE-611: Improper Restriction of XML External Entity Reference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2"}, {"name": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7", "tags": ["x_refsource_MISC"], "url": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7"}], "affected": [{"vendor": "simplesamlphp", "product": "saml2", "versions": [{"version": "< 4.6.14", "status": "affected"}, {"version": ">= 5.0.0-alpha.1, < 5.0.0-alpha.18", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-02T16:18:43.485Z"}, "descriptions": [{"lang": "en", "value": "SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18."}], "source": {"advisory": "GHSA-pxm4-r5ph-q2m2", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "simplesamlphp", "product": "saml2", "cpes": ["cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.6.14", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "5.0.0-alpha.1", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "5.0.0-alpha.18", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-02T19:10:45.941998Z", "id": "CVE-2024-52806", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T19:12:33.197Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52806", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-02T19:10:45.941998Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*"], "vendor": "simplesamlphp", "product": "saml2", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.14", "versionType": "custom"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.0.0-alpha.1"}, {"status": "affected", "version": "0", "lessThan": "5.0.0-alpha.18", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T19:12:22.844Z"}}], "cna": {"title": "SimpleSAMLphp SAML2 has an XXE in parsing SAML messages", "source": {"advisory": "GHSA-pxm4-r5ph-q2m2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "simplesamlphp", "product": "saml2", "versions": [{"status": "affected", "version": "< 4.6.14"}, {"status": "affected", "version": ">= 5.0.0-alpha.1, < 5.0.0-alpha.18"}]}], "references": [{"url": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2", "name": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7", "name": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "CWE-611: Improper Restriction of XML External Entity Reference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-02T16:18:43.485Z"}}}, "cveMetadata": {"cveId": "CVE-2024-52806", "state": "PUBLISHED", "dateUpdated": "2024-12-02T19:12:33.197Z", "dateReserved": "2024-11-15T17:11:13.442Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-12-02T16:18:43.485Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18."}, {"lang": "es", "value": "La librer\u00eda SAML2 SimpleSAMLphp es una librer\u00eda PHP para funciones relacionadas con SAML2. Al cargar un documento XML (no confiable), por ejemplo, SAMLResponse, es posible inducir un XXE. Esta vulnerabilidad se solucion\u00f3 en 4.6.14 y 5.0.0-alpha.18."}], "id": "CVE-2024-52806", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-12-02T17:15:12.580", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7"}, {"source": "security-advisories@github.com", "url": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}