CVE-2017-16897
The CVE pertains to the Auth0 passport-wsfed-saml2 library prior to version 3.0.5. The vulnerability allows an attacker to impersonate another user and potentially elevate privileges if the SAML identity provider signs only the Assertion (not the full SAML response). This root cause involves inco...