← Back

Samlify

samlify

Vendor: Samlify Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-47949
1Samlify Project
1Samlify
Sep 19, 2025
May 19, 2025
9.9 CRITICAL· v4
7.5 HIGH· v3
N/A· v2
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker...Show more
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.Show less
CVE-2017-1000452
1Samlify Project
1Samlify
Nov 21, 2024
Jan 2, 2018
N/A· v4
7.5 HIGH· v3
6.0 MEDIUM· v2
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.