VYPR

npm package

samlify

pkg:npm/samlify

Vulnerabilities (2)

  • CVE-2025-47949May 19, 2025
    affected < 2.10.0fixed 2.10.0

    samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. V

  • CVE-2017-1000452HigJan 2, 2018
    affected < 2.4.0-rc5fixed 2.4.0-rc5

    An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.