EPSS Percentile: 71.4%
Node-saml is vulnerable to improper cryptographic signature verification. A remote attacker can bypass SAML authentication via an arbitrary IdP-signed XML element, because saml.ts does not properly check for a valid top-level signature.
github.com/node-saml/node-saml/commit/c1f275c289c01921e58f5c70ce0fdbc5287e5fbe
github.com/node-saml/node-saml/security/advisories/GHSA-5p8w-2mvw-38pv