Node-saml is vulnerable to improper cryptographic signature verification. A remote attacker can bypass SAML authentication using an arbitrary IdP-signed XML element, because saml.ts does not properly check for a valid top-level signature.
Name | Operator | Version |
---|---|---|
@node-saml/node-saml | le | 4.0.0-beta.4 |
node-saml | le | 4.0.0-beta.2 |
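
The kind of check the description refers to, as an added example (not node-saml's code): assertions are accepted only when a signature on the top-level Response, or on the assertion itself, references that exact element. The function names and the sample response are constructed, and the cryptographic verification of each signature is assumed to happen separately.

```python
# Added illustration, not node-saml code. Structural check only: assumes every
# ds:Signature was already cryptographically verified against the IdP certificate.
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signs_own_parent(element):
    """True if a direct-child ds:Signature has exactly one Reference and its
    URI names the element's own ID."""
    sig = element.find("ds:Signature", NS)
    if sig is None or not element.get("ID"):
        return False
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    return len(refs) == 1 and refs[0].get("URI") == "#" + element.get("ID")

def trusted_assertions(xml_text):
    """Assertions covered by a top-level signature: every direct-child assertion
    if the Response root is signed, otherwise only those that sign themselves."""
    root = ET.fromstring(xml_text)  # use a hardened XML parser for untrusted input
    ids = [e.get("ID") for e in root.iter() if e.get("ID")]
    if root.tag != "{%s}Response" % NS["samlp"] or len(ids) != len(set(ids)):
        return []  # wrong root element, or ambiguous (duplicate) IDs
    assertions = root.findall("saml:Assertion", NS)
    if signs_own_parent(root):
        return assertions
    return [a for a in assertions if signs_own_parent(a)]

def build(root="", ext="", assertion=""):
    """Constructed sample response; each argument is the ID referenced by a
    Signature placed under the root, an Extensions child, or the assertion."""
    sig = lambda ref: (f'<ds:Signature><ds:SignedInfo><ds:Reference URI="#{ref}"/>'
                       '</ds:SignedInfo></ds:Signature>') if ref else ""
    ns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f'<samlp:Response {ns} ID="r1">{sig(root)}'
            f'<samlp:Extensions><x ID="e1">{sig(ext)}</x></samlp:Extensions>'
            f'<saml:Assertion ID="a1">{sig(assertion)}<saml:Subject/></saml:Assertion>'
            '</samlp:Response>')

if __name__ == "__main__":
    for label, doc in [("root signed", build(root="r1")),
                       ("assertion signed", build(assertion="a1")),
                       ("only an unrelated element signed", build(ext="e1"))]:
        print(label, "->", len(trusted_assertions(doc)), "trusted assertion(s)")
```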