The SAML2 library prior to 1.10.4, 2.x prior to 2.3.5, and 3.x prior to 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simplesamlphp saml2 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |