Vulnerabilities
Vulnerable Software
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. The attacker would need an XML document signed by the identity provider. Version 2.10.0 fixes the issue.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-05-19
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in its predecessor Express-saml2, which could allow attackers to impersonate arbitrary users.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-01-02

