9 matches found
CVE-2017-11429
Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to...
CVE-2024-42167
The function "generateappcertificates" in controllers/saml2/saml2.js of FIWARE Keyrock = 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicio...
Authentication Bypass in saml2-js
Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely. Recommendation: Upgrade to version 2.0.5 or later...
GHSA-MFCP-34XW-P57X Authentication Bypass in saml2-js
Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely. Recommendation: Upgrade to version 2.0.5 or later...
Authentication Bypass
Overview: Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely. Recommendation: Upgrade to version 2.0.5 or later...
wicked-saml (>=0.10.0 <=0.11.3) potentially affected by CVE-2017-11429 via saml2-js (=1.10.0)
saml2-js NPM version =1.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on saml2-js and may be impacted: wicked-saml >=0.10.0, <=0.11.3. Source CVEs: CVE-2017-11429. Source advisory: OSV:GHSA-5P5W-J3G7-W4WV...
CVE-2017-11429
Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to...
CVE-2017-11429
CVE-2017-11429 affects Clever saml2-js (versions 2.0 and earlier). The issue arises from incorrect handling of XML DOM traversal and canonicalization APIs, allowing a remote attacker to modify SAML content without invalidating the cryptographic signature, potentially bypassing authentication to S...
CVE-2017-11429 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to...