VYPR

passport-saml

by Node.js

npm: passport-saml

Source repositories

CVEs (2)

  • CVE-2022-39299Oct 12, 2022
    risk 0.00cvss epss 0.03

    Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP…

  • CVE-2021-39171Aug 27, 2021
    risk 0.00cvss epss 0.01

    Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service.…