Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8
CVE-2026-46490
- EPSS 0.38%
- Veröffentlicht 08.06.2026 18:41:40
- Zuletzt bearbeitet 09.06.2026 16:48:56
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:AttributeValue>) are not escaped. A normal user can inject ...
7.5
CVE-2025-47949
- EPSS 0.47%
- Veröffentlicht 19.05.2025 19:28:45
- Zuletzt bearbeitet 19.09.2025 17:32:34
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML docume...
7.5
CVE-2017-1000452
- EPSS 1.38%
- Veröffentlicht 02.01.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:04:45
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.
1