46 matches found
CVE-2023-40178
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an...
Authentication Bypass
Node-SAML is vulnerable to an Authentication Bypass. The vulnerability is due to loading assertions from the unsigned original SAML response instead of the signature-verified data, allowing attackers to modify authentication details within a valid assertion, such as altering the username, and...
CVE-2025-54369
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify...
CVE-2025-54369 Node-SAML SAML Authentication Bypass
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify...
EUVD-2023-2365
Malicious code in bioql PyPI...
Node-SAML SAML Signature Verification Vulnerability
Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...
CVE-2025-54419
A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details with...
CVE-2025-54419 Node-SAML Contains SAML Signature Verification Vulnerability
A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details with...
CVE-2025-54419
CVE-2025-54419 – Node-SAML (Node.js) : Affected component is the node-saml library. In v5.0.1, it loads the SAML assertion from the unsigned original response document, separate from the parts that are verified for signature. This mismatch allows an attacker who has a validly signed IdP document ...
CVE-2025-54419 Node-SAML Contains SAML Signature Verification Vulnerability
A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details with...
CVE-2025-54419 Node-SAML Contains SAML Signature Verification Vulnerability
A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details with...
PT-2025-31149
Name of the Vulnerable Software and Affected Versions: Node-SAML versions 5.0.1 and below Description: Node-SAML improperly loads the assertion from the unsigned original response document, differing from the parts verified during signature checking. This allows modification of authentication...
node-saml 安全漏洞
node-saml is a SAML library that does not depend on any framework running in Node.js. A security vulnerability exists in node-saml version 5.0.1 that stems from not properly validating SAML assertions, which could lead to an authentication bypass...
@skuhnow/directus (>=9.8.0 <=9.14.4) potentially affected by CVE-2025-54369 via node-saml (=4.0.0-beta.2)
node-saml NPM version =4.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-saml and may be impacted: - @skuhnow/directus =9.8.0, =9.14.4 Source cves: CVE-2025-54369 Source advisory: SNYK:JS-NODESAML-10946571...
Node-SAML SAML Authentication Bypass
Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...
Improper Verification of Cryptographic Signature
Overview node-saml is a SAML 2.0 Library Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to loading assertions from unsigned response documents. An attacker can alter authentication details, such as modifying the username in a SAML assertio...
CVE-2025-54369 Node-SAML SAML Authentication Bypass
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify...
PT-2025-30730
Name of the Vulnerable Software and Affected Versions Node-SAML affected versions not specified Description Node-SAML is susceptible to a flaw where it loads the assertion from the unsigned original response document, differing from the signature verification process. This allows modification of...
node-saml 数据伪造问题漏洞
node-saml is a SAML library that does not depend on any framework running in Node.js. A data forgery issue vulnerability exists in Node-SAML 5.0.1 and prior versions, which stems from an unvalidated assertion document that could result in modifying authentication details in SAML assertions...
CVE-2022-39300
node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...