3 matches found
CVE-2023-40178
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an...
CVE-2023-40178
Node-SAML CVE-2023-40178 is a functional issue in validatePostRequestAsync that allows LogoutRequest XML to be reused beyond NotOnOrAfter due to missing current-timestamp checks. Root cause: absence of timestamp validity checks in the LogoutRequest validation flow (e.g., validatePostRequestAsync/...
CVE-2023-40178
creationtimestamp| type| source ---|---|--- 2023-08-19 02:52:08+00:00| published-proof-of-concept| https://github.com/node-saml/node-saml/security/advisories/GHSA-vx8m-6fhw-pccw 2023-08-24 00:14:17+00:00| seen| https://t.me/cibsecurity/69095...