Description
Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Remediation
References
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
https://www.kb.cert.org/vuls/id/475445
Related Vulnerabilities
CVE-2022-41710 Vulnerability in npm package electron-markdownify
CVE-2022-22885 Vulnerability in maven package cn.hutool:hutool-http
CVE-2022-29244 Vulnerability in npm package npm
CVE-2020-7795 Vulnerability in npm package get-npm-package-version
CVE-2017-1000486 Vulnerability in maven package org.primefaces:primefaces