3 matches found
CVE-2025-47949
Summary: samlify (Node.js SAML library) has a Signature Wrapping vulnerability in versions prior to 2.10.0, enabling an attacker to forge a SAML Response to impersonate any user. An attacker would need a signed XML document from the identity provider. Fix/mitigation: Upgrade to version 2.10.0 or ...
CVE-2017-1000452
CVE-2017-1000452 affects samlify (≤2.2.0) and the predecessor express-saml2. It describes an XML Signature Wrapping vulnerability that could allow an attacker to impersonate arbitrary users. Reported impact includes high confidentiality, integrity, and availability concerns; exploitation is descr...
CVE-2026-46490
CVE-2026-46490 affects samlify (Node.js) prior to v2.13.0. The issue: template substitution only escapes attribute contexts; values placed in element text (e.g., saml:AttributeValue) aren’t escaped. An attacker can inject XML markup into attribute values (e.g., email, name) and insert new saml:A...