pkg:Packagist/simplesamlphp/simplesamlphp

所有已知漏洞

• CRITICAL9.8CVE-2017-12868SimpleSAMLphp Session fixation issue and authentication bypass in the authcrypt module
  >= 1.14.12, < 1.14.14
• CRITICAL9.8CVE-2018-6521SimpleSAMLphp Use of insecure connection charset (sqlauth module)
  from 0, < 1.15.2
• CRITICAL9.8CVE-2017-12873Incorrect persistent NameID generation in SimpleSAMLphp
  >= 1.7.0, < 1.14.11
• HIGH8.1CVE-2017-18122SimpleSAMLphp Signature validation bypass
  from 0, < 1.14.17
• HIGH7.5CVE-2017-12869SimpleSAMLphp Authentication context bypass in the multiauth module
  from 0, < 1.14.14
• HIGH7.5CVE-2011-4625simpleSAMLphp incorrectly handles XML encryption
  from 0, < 1.8.1
• MEDIUM6.3CVE-2016-9955Incorrect signature verification in SimpleSAMLphp
  from 0, < 1.14.11
• MEDIUM6.1CVE-2018-6520SimpleSAMLphp Open redirection protection bypass
  from 0, < 1.15.2
• MEDIUM6.1CVE-2017-18121SimpleSAMLphp XSS Vulnerability
  >= 1.12.0, < 1.14.16
• MEDIUM5.9CVE-2017-12871SimpleSAMLphp Incorrect IV generation for encryption
  >= 1.14.0, < 1.14.12
• MEDIUM5.9CVE-2017-12870SimpleSAMLphp Unauthenticated encryption in CBC mode
  from 0, < 1.14.13
• MEDIUM5.9CVE-2017-12872SimpleSAMLphp allows timing side-channel attacks
  from 0, < 1.15.0-rc1
• MEDIUM5.9CVE-2017-12867simplesamlphp - security update
  >= 1.14.0, < 1.14.15
• MEDIUM5.3CVE-2016-3124SimpleSAMLphp Information leakage issue in the sanitycheck module
  from 0, < 1.14.1
• MEDIUM4.4CVE-2020-5226Cross-site scripting in SimpleSAMLphp
  >= 1.18.0, < 1.18.4
• MEDIUM4.4CVE-2020-5225Log injection in SimpleSAMLphp
  from 0, < 1.18.4
• LOW3.0CVE-2020-5301Information disclosure of source code in SimpleSAMLphp
  from 0, < 1.18.6