simplesamlphp/saml2 is vulnerable to signature validation bypass attacks. The vulnerability exists in HTTPRedirect.php
due to the reliance of a PHP functionality that interprets a -1 error code as true
, allowing signature validation to be bypassed.
CPE | Name | Operator | Version |
---|---|---|---|
simplesamlphp/saml2 | le | 1.10.5 | |
simplesamlphp/saml2 | le | 2.3.7 | |
simplesamlphp/saml2 | le | 3.1.3 | |
simplesamlphp/simplesamlphp | le | 1.15.3 |