{"id":"CVE-2018-6520","details":"SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.","aliases":["GHSA-2qfc-48v5-4w5h"],"modified":"2026-03-14T09:30:10.484460Z","published":"2018-02-02T01:29:00.307Z","references":[{"type":"ADVISORY","url":"https://simplesamlphp.org/security/201801-02"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/simplesamlphp/simplesamlphp","events":[{"introduced":"b5ff6f0d44be3ef7ac29087368e6570fbfefbb36"},{"fixed":"14b876ba453059d9c216703f6834dc6c749d4586"}],"database_specific":{"versions":[{"introduced":"1.12.0"},{"fixed":"1.15.1"}]}}],"versions":["v1.12.0","v1.15.0","v1.15.0-rc1","v1.15.0-rc2","v1.15.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6520.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}