8 matches found
@altipla/directus-sdk-utils (=0.7.2), @better-auth/sso (>=1.6.0 <=1.7.0-beta.3) +28 more potentially affected by CVE-2026-46490 via samlify (>=2.10.0 <=2.12.0)
samlify NPM version =2.10.0, =1.6.0, =2.10.4, =1.0.0, =11.16.1-depup.0, =27.1.0, =0.73.0, =0.73.0, =0.73.1, =0.73.0, =0.73.1, =0.78.0 and more Source cves: CVE-2026-46490 Source advisory: SNYK:JS-SAMLIFY-16796318...
@altipla/directus-sdk-utils (=0.7.2), @better-auth/sso (>=1.6.0 <=1.7.0-beta.3) +28 more potentially affected by CVE-2026-46490 via samlify (>=2.10.0 <=2.12.0)
samlify NPM version =2.10.0, =1.6.0, =2.10.4, =1.0.0, =11.16.1-depup.0, =27.1.0, =0.73.0, =0.73.0, =0.73.1, =0.73.0, =0.73.1, =0.78.0 and more Source cves: CVE-2026-46490 Source advisory: OSV:GHSA-34R5-Q4JW-R36M...
PT-2026-42665
Name of the Vulnerable Software and Affected Versions samlify versions prior to 2.13.0 Description samlify is a Node.js library for SAML single sign-on. The template substitution mechanism only escapes attribute contexts, meaning values inserted into element text, such as , are not escaped. This...
EUVD-2018-0156
Malware in sbrugna...
samlify SAML Signature Wrapping attack
A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...
GHSA-R683-V43C-6XQV samlify SAML Signature Wrapping attack
A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...
CVE-2025-47949
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...
CVE-2025-47949 samlify SAML Signature Wrapping attack
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...