samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

Summary samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elements inside the signed assertion. The IdP then signs the tampered asserti...

NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions vulnerability discovered by ? in WordPress Npm samlify versions 2.13.0...

XML Injection

Overview samlify is a Highly configuarable Node.js SAML 2.0 library for Single Sign On. Affected versions of this package are vulnerable to XML Injection via the replaceTagsByValue function. An attacker can inject arbitrary XML markup into SAML assertions by supplying crafted attribute values,...

PT-2026-42587

Summary samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elements inside the signed assertion. The IdP then signs the tampered asserti...

PT-2026-42665

Summary samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elements inside the signed assertion. The IdP then signs the tampered asserti...

EUVD-2018-0156

Malware in sbrugna...

CVE-2017-1000452

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users...

CVE-2025-47949

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

samlify SAML Signature Wrapping attack

A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...

GHSA-R683-V43C-6XQV samlify SAML Signature Wrapping attack

A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...

CVE-2025-47949

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

CVE-2025-47949

Summary: samlify (Node.js SAML library) has a Signature Wrapping vulnerability in versions prior to 2.10.0, enabling an attacker to forge a SAML Response to impersonate any user. An attacker would need a signed XML document from the identity provider. Fix/mitigation: Upgrade to version 2.10.0 or ...

CVE-2025-47949 samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

CVE-2025-47949 samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

CVE-2025-47949 samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

PT-2025-22111

Name of the Vulnerable Software and Affected Versions samlify versions prior to 2.10.0 Description A Signature Wrapping attack has been found in samlify, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provide...

samlify 数据伪造问题漏洞

samlify is a Node.js library for SAML SSO by tngan individual developer. A data forgery issue vulnerability exists in samlify versions prior to 2.10.0, which stems from a signature wrapping attack that could lead to a forged SAML response...

Authentication Bypass

Overview Versions of samlify prior to 2.4.0 are vulnerable to Authentication Bypass. The package fails to prevent XML Signature Wrapping, allowing tokens to be reused with different usernames. A remote attacker can modify SAML content for a SAML service provider without invalidating the...

Node.js third-party modules: Samlify is vulnerable to signature wrapping

I would like to report a signature wrapping weakness in samlify It allows an attacker to modify a SAML token received from the IdP before validating it with the service provider Module module name: samlify version: 2.3.7 npm page: https://www.npmjs.com/package/samlify Module Description Highly...

Samlify and Express-saml2 Arbitrary User Impersonation Vulnerability

Samlify is an open source Node.js API for single sign-on. express-saml2 is the predecessor of Samlify. A security vulnerability exists in Samlify 2.2.0 and earlier versions and Express-saml2. An attacker can exploit this vulnerability to impersonate any user...