GHSA-2qfc-48v5-4w5h

Source

https://github.com/advisories/GHSA-2qfc-48v5-4w5h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2qfc-48v5-4w5h/GHSA-2qfc-48v5-4w5h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2qfc-48v5-4w5h

Aliases

CVE-2018-6520

Published

2022-05-14T03:44:35Z

Modified

2024-04-25T21:57:35.922392Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

SimpleSAMLphp Open redirection protection bypass

Details

SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.

Database specific

{
    "nvd_published_at": "2018-02-02T01:29:00Z",
    "cwe_ids": [
        "CWE-601"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T21:36:41Z"
}

References

Affected packages

Packagist / simplesamlphp/simplesamlphp

Package

Name: simplesamlphp/simplesamlphp
Purl: pkg:composer/simplesamlphp/simplesamlphp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.15.2

Affected versions

v1.*

v1.12.0

v1.13.0-rc1

v1.13.0-rc2

v1.13.0

v1.13.1

v1.13.2

v1.14.0-rc1

v1.14.0

v1.14.1

v1.14.2

v1.14.3

v1.14.4

v1.14.5

v1.14.6

v1.14.7

v1.14.8

v1.14.9

v1.14.10

v1.14.11

v1.14.12

v1.14.13

v1.14.14

v1.14.15

v1.14.16

v1.14.17

v1.15.0-rc1

v1.15.0-rc2

v1.15.0-rc3

v1.15.0

v1.15.1