simplesamlphp/simplesamlphp is vulnerable to CRLF injection. The vulnerability exists as the file
logging handler is configured to be used with simplesamlphp
, allowing the unsanitized values of reportID
to be used to inject newline characters into logs.
CPE | Name | Operator | Version |
---|---|---|---|
simplesamlphp/simplesamlphp | le | 1.18.3 |