High severity7.5NVD Advisory· Published Jan 2, 2018· Updated Jun 17, 2026
CVE-2017-1000452
CVE-2017-1000452
Description
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
samlifynpm | < 2.4.0-rc5 | 2.4.0-rc5 |
Affected products
1Patches
Vulnerability mechanics
References
8- github.com/tngan/samlify/releases/tag/v2.3.0nvdIssue TrackingPatchRelease NotesThird Party Advisory
- github.com/advisories/GHSA-8jjf-w7j6-323cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-1000452ghsaADVISORY
- www.whitehats.nl/blog/xml-signature-wrapping-samlifynvdMitigationThird Party AdvisoryWEB
- github.com/tngan/samlify/commit/d382bbc7c6b8ea889839ae1f178730c25b09eb42ghsaWEB
- github.com/tngan/samlify/compare/v2.4.0-rc4...v2.4.0-rc5ghsaWEB
- github.com/tngan/samlify/releases/tag/v2.4.0-rc5ghsaWEB
- hackerone.com/reports/356284ghsaWEB
News mentions
0No linked articles in our index yet.