Description

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Remediation

References

https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations

https://www.kb.cert.org/vuls/id/475445

Related Vulnerabilities

CVE-2022-41710 Vulnerability in npm package electron-markdownify

CVE-2022-22885 Vulnerability in maven package cn.hutool:hutool-http

CVE-2022-29244 Vulnerability in npm package npm

CVE-2020-7795 Vulnerability in npm package get-npm-package-version

CVE-2017-1000486 Vulnerability in maven package org.primefaces:primefaces

Severity

Critical

Classification

CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Technical Description Third Party Advisory US Government Resource