npm package
samlify
pkg:npm/samlify
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47949 | — | | | < 2.10.0 | 2.10.0 | May 19, 2025 | samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. V |
| CVE-2017-1000452 | Hig | 7.5 | | < 2.4.0-rc5 | 2.4.0-rc5 | Jan 2, 2018 | An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users. |