Samlify Project

samlify_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Samlify

samlify

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-47949 1Samlify Project 1Samlify Sep 19, 2025 May 19, 2025 9.9 CRITICAL· v4 7.5 HIGH· v3 N/A· v2 samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker...Show more samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.Show less
CVE-2017-1000452 1Samlify Project 1Samlify Nov 21, 2024 Jan 2, 2018 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2025-47949

1Samlify Project

1Samlify

Sep 19, 2025

May 19, 2025

9.9 CRITICAL· v4

7.5 HIGH· v3

N/A· v2

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker...Show more

CVE-2017-1000452

1Samlify Project

1Samlify

Nov 21, 2024

Jan 2, 2018

N/A· v4

7.5 HIGH· v3

6.0 MEDIUM· v2

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.