CVE-2024-52596

Vulnerability Description

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.

Related Weaknesses (CWE)

CWE-611

References

https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2e
https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2
https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html

FAQ

What is CVE-2024-52596?

CVE-2024-52596 is a documented vulnerability. SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is ...

How severe is CVE-2024-52596?

CVSS scoring is not yet available for CVE-2024-52596. Check NVD for updates.

Is there a patch for CVE-2024-52596?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.