VYPR

npm package

passport-wsfed-saml2

pkg:npm/passport-wsfed-saml2

Vulnerabilities (4)

  • CVE-2025-46573 (High), May 6, 2025
    affected >= 3.0.5, < 4.6.4; fixed 4.6.4

    passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. T

  • CVE-2025-46572 (Critical), May 6, 2025
    affected >= 3.0.5, < 4.6.4; fixed 4.6.4

    passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be do

  • CVE-2022-23505, Dec 13, 2022
    affected < 4.6.3; fixed 4.6.3

    Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker

  • CVE-2017-16897 (High), Dec 27, 2017
    affected < 3.0.5; fixed 3.0.5

    A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response