[MEDIUM] Unauthenticated encryption in CBC mode

PKSA-4k4v-hvd4-cf6g CVE-2017-12870 GHSA-44pr-mgcp-v36r

Affected package: simplesamlphp/simplesamlphp

Affected version: <1.14.13

Reported by:
GitHub, FriendsOfPHP/security-advisories