Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
Vulnerability Description
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:AttributeValue>) are not escaped. A normal user can inject XML markup into an attribute value (e.g., email, name) and add new <saml:Attribute> elements inside the signed assertion. The IdP then signs the tampered assertion and the SP accepts the injected attributes as trusted. This allows privilege escalation when attributes are used for authorization (roles/groups). This issue has been patched in version 2.13.0.
CVSS Information
N/A
Vulnerability Type
XML注入(XPath盲注)
Vulnerability Title
samlify 安全漏洞
Vulnerability Description
samlify是tngan个人开发者的一个用于 SAML SSO 的 Node.js 库。 samlify 2.13.0之前版本存在安全漏洞,该漏洞源于模板替换仅转义属性上下文,元素文本中的值未转义,可能导致XML注入和权限提升。
CVSS Information
N/A
Vulnerability Type
N/A