Tvdijen

**Name of the Vulnerable Software and Affected Versions** xml-security versions prior to 2.3.1 xml-security version 1.13.9 **Description** The library lacks validation of the authentication tag length when decrypting XML nodes encrypted with aes-128-gcm, aes-192-gcm, or aes-256-gcm. This allows an attacker to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also enables the forging of arbitrary ciphertexts without knowing the encryption key. The GHASH key is a string of bits used in Galois/Counter Mode (GCM) for authentication. If static symmetric keys are used, these keys should be rotated as they may have been compromised. The issue can be exploited by observing XML parsing errors that occur after modifying the ciphertext. **Recommendations** Update to xml-security version 2.3.1 or later. Update to xml-security version 1.13.9 or later.

**Name of the Vulnerable Software and Affected Versions** simplesamlphp/xml-security versions prior to 1.6.12 simplesamlphp/xml-security versions prior to 5.0.0-alpha.13 **Description** The issue is related to insufficient validation of XML signatures, which could allow a remote attacker to forge SAML messages by manipulating the `DigestValue`. The vulnerability is due to the difference in validation between the canonicalized and non-canonicalized versions of the SignedInfo-tree. The attacker would need to exploit a bug in PHP's canonicalization function to manipulate the `DigestValue`. **Recommendations** For versions prior to 1.6.12, update to version 1.6.12 or later. For versions prior to 5.0.0-alpha.13, update to version 5.0.0-alpha.13 or later. As a temporary workaround, consider restricting the use of the `validateReference` method in `SignedElementTrait` until a patch is available. Avoid using the `DigestValue` parameter in the affected XML signature validation until the issue is resolved.