CVE-2017-11429 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to...