MidnightBSD

Advisories for samlify_project

CVE-2017-1000452 MEDIUM

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-91,

Products Affected

Vendor Product Version
samlify_project samlify *
CVE-2025-47949

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.

Products Affected

Vendor Product Version
samlify_project samlify *