Skip to content

onelogin/php-saml signature wrapping attacks

Moderate severity GitHub Reviewed Published May 17, 2024 to the GitHub Advisory Database • Updated May 17, 2024

Package

composer onelogin/php-saml (Composer)

Affected versions

< 2.10.0

Patched versions

2.10.0

Description

Vulnerability in onelogin/php-saml versions prior to 2.10.0 allows signature Wrapping attacks which may result in a malicious user gaining unauthorized access to a system.

References

Published to the GitHub Advisory Database May 17, 2024
Reviewed May 17, 2024
Last updated May 17, 2024

Severity

Moderate

Weaknesses

No CWEs

CVE ID

CVE-2016-1000253

GHSA ID

GHSA-g48f-pgwh-wwxx

Source code

Checking history
See something to contribute? Suggest improvements for this vulnerability.