VYPR

npm package

saml2-js

pkg:npm/saml2-js

Vulnerabilities (1)

  • CVE-2017-11429HigApr 17, 2019
    affected < 1.12.4fixed 1.12.4

    Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass au