Node-Saml Passport-Saml vulnerabilities

CVE-2025-54419 [CRITICAL] CWE-287 Node-SAML SAML Signature Verification Vulnerability Node-SAML SAML Signature Verification Vulnerability Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. To conduct the at

CVE-2022-39299 [HIGH] CWE-347 Signature bypass via multiple root elements Signature bypass via multiple root elements ### Impact A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. #

CVE-2021-39171 [HIGH] CWE-400 CVE-2021-39171: Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. This ha