Erlang Solutions · Erlang/Otp · CVE-2026-28809
**Name of the Vulnerable Software and Affected Versions**
esaml (and its forks) (affected versions not specified)
**Description**
The software is affected by an XML External Entity (XXE) flaw. By sending specially crafted SAML messages, an attacker can potentially read local files and have their contents included in the processed SAML document, and may also be able to perform Server-Side Request Forgery (SSRF). The software parses SAML messages with `xmerl_scan:string/2` before signature verification, without disabling XML entity expansion. On Erlang/OTP versions prior to 27, xmerl allows entities by default, so entity expansion (and with it XXE) takes place before the signature is checked. File contents may be exposed through logs or error messages even when signature verification fails.
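As an added defensive example (not code from esaml or from Erlang/OTP), the module below wraps `xmerl_scan:string/2` so that a DOCTYPE is rejected on the raw text before xmerl parses anything, external resources are never fetched, and on OTP 27 or later the `allow_entities` option is set to `false`. The module name, function names and the two constructed SAML-like inputs are assumptions for illustration; the `allow_entities` option is the one introduced in OTP 27 and should be checked against the release in use, and `fetch_fun` returning `not_fetched` is the documented way to make xmerl skip an external resource.

```erlang
%% Added example, not esaml's or OTP's own code. Module and function names
%% are illustrative assumptions.
-module(saml_safe_parse).
-export([parse/1, demo/0]).

-include_lib("xmerl/include/xmerl.hrl").

%% Parse a SAML document only if it carries no DTD. SAML 2.0 messages never
%% need a DOCTYPE, so its presence is treated as an entity-expansion attempt
%% and the document is refused before xmerl sees it (and before any signature
%% check, so nothing is expanded, logged or fetched on an unverified message).
-spec parse(binary() | string()) -> {ok, #xmlElement{}} | {error, term()}.
parse(Doc) when is_binary(Doc) ->
    parse(binary_to_list(Doc));
parse(Doc) when is_list(Doc) ->
    case has_doctype(Doc) of
        true ->
            {error, doctype_not_allowed};
        false ->
            try xmerl_scan:string(Doc, scan_options()) of
                {Root, _Rest} -> {ok, Root}
            catch
                exit:Reason  -> {error, {xmerl_exit, Reason}};
                error:Reason -> {error, {xmerl_error, Reason}}
            end
    end.

%% Case-insensitive search for "<!DOCTYPE" on the raw text.
has_doctype(Doc) ->
    string:find(string:uppercase(Doc), "<!DOCTYPE") =/= nomatch.

%% xmerl calls fetch_fun whenever it would load an external resource such as
%% an external DTD or entity; answering not_fetched makes it load nothing.
%% allow_entities exists from OTP 27 on, so it is only passed on such releases
%% (assumed option name; verify against your OTP documentation).
scan_options() ->
    Base = [{fetch_fun, fun(_ExtSpec, State) -> {ok, not_fetched, State} end},
            {quiet, true}],
    case otp_major() >= 27 of
        true  -> [{allow_entities, false} | Base];
        false -> Base
    end.

%% Numeric OTP major release; pre-17 releases ("R16B") are treated as 0.
otp_major() ->
    try list_to_integer(erlang:system_info(otp_release))
    catch error:badarg -> 0
    end.

%% Constructed inputs: a minimal SAML-like response and the same document
%% prefixed with a harmless internal-entity DTD, which must be refused.
demo() ->
    Plain = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            " ID=\"_c1\"/>",
    WithDtd = "<!DOCTYPE x [<!ENTITY e \"expanded\">]>" ++ Plain,
    {ok, #xmlElement{name = 'samlp:Response'}} = parse(Plain),
    {error, doctype_not_allowed} = parse(WithDtd),
    ok.
```

Compile with `erlc saml_safe_parse.erl` and run `saml_safe_parse:demo().` in a shell; it returns `ok` when the plain message parses and the DTD-bearing one is refused. The textual DOCTYPE check is deliberately done before `xmerl_scan` is invoked, because the advisory's point is that any expansion happening during the parse precedes signature verification; the `fetch_fun` and `allow_entities` settings are a second layer in case a document reaches the parser by another path.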
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.