CVE-2024-52806

{"id": "CVE-2024-52806", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 3.9}]}, "published": "2024-12-02T17:15:12.580", "references": [{"url": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7", "source": "security-advisories@github.com"}, {"url": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2", "source": "security-advisories@github.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18."}, {"lang": "es", "value": "La librer\u00eda SAML2 SimpleSAMLphp es una librer\u00eda PHP para funciones relacionadas con SAML2. Al cargar un documento XML (no confiable), por ejemplo, SAMLResponse, es posible inducir un XXE. Esta vulnerabilidad se solucion\u00f3 en 4.6.14 y 5.0.0-alpha.18."}], "lastModified": "2024-12-02T17:15:12.580", "sourceIdentifier": "security-advisories@github.com"}