QID 981194
QID 981194: Nodejs (npm) Security Update for samlify (GHSA-8jjf-w7j6-323c)
Versions of `samlify` prior to 2.4.0 are vulnerable to Authentication Bypass. The package fails to prevent XML Signature Wrapping, allowing tokens to be reused with different usernames. A remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic signature, which may allow attackers to bypass primary authentication for the affected SAML service provider.
## Recommendation
Upgrade to version 2.4.0 or later
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-8jjf-w7j6-323c for updates pertaining to this vulnerability.
Vendor References
- GHSA-8jjf-w7j6-323c -
github.com/advisories/GHSA-8jjf-w7j6-323c
CVEs related to QID 981194
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-8jjf-w7j6-323c | samlify |
|