Node-saml Security Vulnerabilities


CVE-2024-32962

xml-crypto is an XML digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer; it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...

CVSS 10, AI Score 9.3, EPSS 0.0004

2024-05-02 07:15 AM

CVE-2023-40178

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an...

CVSS 5.3, AI Score 5.1, EPSS 0.001

2023-08-23 09:15 PM

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML...

CVSS 8.1, AI Score 8.9, EPSS 0.009

2022-10-12 09:15 PM

CVE-2022-39300

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...

CVSS 8.1, AI Score 8.2, EPSS 0.003

2022-10-13 10:15 PM

CVE-2021-39171

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an...

CVSS 7.5, AI Score 7.6, EPSS 0.001

2021-08-27 10:15 PM