deploy: 8937fc8

Author: tvdijen

feed.xml

@@ -5,8 +5,8 @@
     <description>SimpleSAMLphp** is an award-winning application written in native PHP that deals with authentication. It implements support for multiple protocols, most notably SAML, OpenID or OAuth.</description>
     <link>https://simplesamlphp.org/</link>
     <atom:link href="https://simplesamlphp.org/feed.xml" rel="self" type="application/rss+xml"/>
-    <pubDate>Mon, 02 Dec 2024 11:54:48 +0000</pubDate>
-    <lastBuildDate>Mon, 02 Dec 2024 11:54:48 +0000</lastBuildDate>
+    <pubDate>Thu, 12 Dec 2024 20:05:22 +0000</pubDate>
+    <lastBuildDate>Thu, 12 Dec 2024 20:05:22 +0000</lastBuildDate>
     <generator>Jekyll v4.2.1</generator>
 
       <item>

security/202412-01.html

@@ -101,7 +101,10 @@ <h3 id="mitigation">Mitigation:</h3>
 
 <h3 id="background--details">Background / details</h3>
 
-<p>To be published on Dec 8th</p>
+<p>While there is the NONET option, an attacker can simply bypass if by using PHP filters:
+php://filter/convert.base64-encode/resource=http://URL OR FILE</p>
+
+<p>From there an attacker can induce network connections and steal the targeted file OOB (haven’t fully tested this).</p>
 
 <h3 id="credit">Credit</h3>