CVE-2017-12874 – simplesamlphp/simplesamlphp-module-infocard

Package

Manager: composer
Name: simplesamlphp/simplesamlphp-module-infocard
Vulnerable Version: >=0 <1.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00282 pctl0.51128

Details

SimpleSAMLphp InfoCard module Incorrect signature verification The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.

Metadata

Created: 2022-05-14T01:05:32Z
Modified: 2024-04-25T21:00:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fj28-869x-vv5g/GHSA-fj28-869x-vv5g.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-fj28-869x-vv5g
Finding: F184
Auto approve: 1