PT-2024-35392 · Unknown · Simplesamlphp

Ahacker1-Securesaml · Published 2024-12-02 · Updated 2024-12-02 · CVE-2024-52596

CVSS v4.0: 8.8 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

SimpleSAMLphp xml-common versions prior to 1.19.0

Description

The issue arises when loading an untrusted XML document, such as the SAMLResponse, allowing an attacker to induce an XML External Entity (XXE) attack. This could potentially enable an attacker to read file contents from the local file system or internal network. Although there are options like NONET, an attacker can bypass them using PHP filters. The vulnerability may also lead to remote code execution (RCE) using certain PHP wrappers, but this has not been fully tested.

Recommendations

For versions prior to 1.19.0, remove the LIBXML_DTDLOAD | LIBXML_DTDATTR options from $options to mitigate the issue. Additionally, as a defense-in-depth measure, check for the string <!DOCTYPE inside the XML before parsing it. However, note that this is not a complete fix, as there might be parser differentials that could load a DOCTYPE. Upgrade to version 1.19.0 or later to secure the handling of XML structures.
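
The two recommendations above, sketched as an added example (not code from SimpleSAMLphp or from the advisory). The helper name loadUntrustedXml and the sample documents are assumptions constructed for illustration; the post-parse doctype check is an extra step beyond what the advisory lists.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not SimpleSAMLphp's API): parse untrusted XML, such as
// a decoded SAMLResponse, without enabling DTD loading.
function loadUntrustedXml(string $xml): DOMDocument
{
    // Defense in depth: reject input that declares a DOCTYPE before parsing.
    // A string check alone is not sufficient because of parser differentials.
    if (stripos($xml, '<!DOCTYPE') !== false) {
        throw new InvalidArgumentException('DOCTYPE declarations are not allowed');
    }

    $previous = libxml_use_internal_errors(true); // collect errors, no warnings
    try {
        $doc = new DOMDocument();
        // Primary mitigation: LIBXML_DTDLOAD and LIBXML_DTDATTR are NOT set,
        // and LIBXML_NOENT (entity substitution) is not set either.
        $options = LIBXML_NONET;
        if ($xml === '' || !$doc->loadXML($xml, $options)) {
            throw new InvalidArgumentException('XML is not well-formed');
        }
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }

    // Post-parse check: refuse if the parser still saw a DOCTYPE node.
    if ($doc->doctype !== null) {
        throw new InvalidArgumentException('Document contains a DOCTYPE');
    }
    return $doc;
}

// Constructed sample inputs (not taken from the advisory).
$benign = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed"/>';
$withDoctype = '<!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>';

echo loadUntrustedXml($benign)->documentElement->localName, PHP_EOL;
try {
    loadUntrustedXml($withDoctype);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```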

Exploit

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2024-52596
DLA-3981-1
DSA-5822-1
GHSA-2X65-FPCH-2FCM
GHSA-J5G2-Q29X-CW3H

Affected Products

Simplesamlphp