
AIKIDO-2024-10506

simplesamlphp/simplesamlphp is vulnerable to XML External Entity (XXE) Attack

XML External Entity (XXE) Attack
CVE-2024-52806
Published Dec 2, 2024

83

High Risk

This Affects:

PHP: simplesamlphp/simplesamlphp
2.0.0 - 2.0.14
Fixed in 2.0.15
2.1.0 - 2.1.6
Fixed in 2.1.7
2.2.0 - 2.2.3
Fixed in 2.2.4
2.3.0 - 2.3.3
Fixed in 2.3.4

TL;DR

Affected versions of this package are vulnerable to an XML External Entity (XXE) attack when loading untrusted XML documents, such as a SAMLResponse. An attacker can exploit this vulnerability to inject malicious external entities.
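The following PHP is an added illustration of the defensive pattern for the failure mode described above; it is not code from simplesamlphp or from this advisory, and it assumes nothing about simplesamlphp's internals. The class name, option choices and the two sample messages are constructed for the example. It rejects any untrusted document that carries a DTD (the only place ENTITY declarations can appear), parses with network access disabled, and never passes the libxml options that switch entity expansion on.

```php
<?php
// Added example (not simplesamlphp's own code): a loader for untrusted XML
// such as a SAMLResponse that refuses DTDs and keeps entity expansion off.
declare(strict_types=1);

final class UntrustedXmlLoader
{
    /**
     * Parse untrusted XML into a DOMDocument. Any document containing a
     * DOCTYPE or ENTITY declaration is refused before libxml sees it, and
     * the parse itself runs with external resolution and substitution off.
     *
     * @throws RuntimeException when the document is rejected or malformed
     */
    public static function load(string $xml): DOMDocument
    {
        // 1. Pre-parse check. XXE needs a DTD, and a SAML message never
        //    legitimately carries one, so reject outright. The keywords are
        //    case-sensitive in XML, so a plain string match is sufficient.
        if (str_contains($xml, '<!DOCTYPE') || str_contains($xml, '<!ENTITY')) {
            throw new RuntimeException('Rejected XML: DTD or entity declaration present');
        }

        $doc = new DOMDocument();
        $doc->resolveExternals   = false; // never fetch an external DTD
        $doc->substituteEntities = false; // never expand entity references

        // 2. Parse with network access forbidden. The weak pattern this guards
        //    against is loadXML($xml, LIBXML_NOENT) or LIBXML_DTDLOAD, which
        //    turn substitution / DTD loading back on; neither is passed here.
        $previous = libxml_use_internal_errors(true);
        try {
            $ok = $doc->loadXML($xml, LIBXML_NONET | LIBXML_NOWARNING | LIBXML_NOERROR);
        } finally {
            libxml_clear_errors();
            libxml_use_internal_errors($previous);
        }
        if ($ok !== true) {
            throw new RuntimeException('Rejected XML: document is not well-formed');
        }

        // 3. Belt and braces: confirm the parsed tree carries no DTD either.
        if ($doc->doctype !== null) {
            throw new RuntimeException('Rejected XML: parsed document carries a DTD');
        }

        return $doc;
    }
}

// Constructed sample 1: a minimal, benign SAML-shaped message.
$benign = '<?xml version="1.0"?>'
    . '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example">'
    . '<samlp:Status/></samlp:Response>';

// Constructed sample 2: the same message with a DTD prepended. The entity
// target is a placeholder; the loader rejects the DTD regardless of its body.
$withDtd = '<?xml version="1.0"?>'
    . '<!DOCTYPE Response [<!ENTITY placeholder SYSTEM "file:///PLACEHOLDER">]>'
    . '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    . '<samlp:Status>&placeholder;</samlp:Status></samlp:Response>';

foreach (['benign' => $benign, 'with-dtd' => $withDtd] as $label => $input) {
    try {
        $doc = UntrustedXmlLoader::load($input);
        printf("%-9s accepted, root element: %s\n", $label, $doc->documentElement->tagName);
    } catch (RuntimeException $e) {
        printf("%-9s %s\n", $label, $e->getMessage());
    }
}
```

Run with the PHP CLI (`php loader.php`); the benign message is accepted and the DTD-bearing one is refused before parsing. The pre-parse rejection is the load-bearing control: it does not depend on which PHP or libxml version is installed, whereas relying solely on libxml's default entity-loader behaviour is what leaves a loader exposed when an option such as LIBXML_NOENT is added later for an unrelated reason.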

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

simplesamlphp/simplesamlphp is vulnerable to XML External Entity (XXE) Attack in versions 2.0.0 - 2.0.14, 2.1.0 - 2.1.6, 2.2.0 - 2.2.3 and 2.3.0 - 2.3.3.

How to fix this

Upgrade simplesamlphp/simplesamlphp to a patched version: 2.0.15, 2.1.7, 2.2.4 or 2.3.4, depending on the minor release you are on.