An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1mY3AtMzR4dy1wNTd4
Authentication Bypass in saml2-js
Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely.
Upgrade to version 2.0.5 or later.
Permalink: https://github.com/advisories/GHSA-mfcp-34xw-p57x
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 9 months ago
CVSS Score: 6.8
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Fixed in: 2.0.5
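
The control this advisory describes, sketched as an added example (not saml2-js code and not its actual fix): the validity window in an assertion's Conditions element is checked on one code path for both plain and encrypted assertions. Function names, the skew value, the fail-closed policy and the sample data are assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not saml2-js API.
const SKEW_MS = 60 * 1000; // assumed tolerated clock skew

// Read the validity window from <Conditions> of an assertion that is already
// decrypted and signature-verified. A real service provider would use an XML
// parser; a regex is enough for the constructed sample below.
function readConditions(assertionXml) {
  const tag = /<(?:\w+:)?Conditions\b([^>]*)>/.exec(assertionXml);
  if (!tag) return null;
  const attr = (name) => {
    const m = new RegExp(`\\b${name}="([^"]*)"`).exec(tag[1]);
    return m ? Date.parse(m[1]) : null; // NaN if the timestamp is malformed
  };
  return { notBefore: attr('NotBefore'), notOnOrAfter: attr('NotOnOrAfter') };
}

function checkConditions(assertionXml, now) {
  const c = readConditions(assertionXml);
  // Assumed policy: fail closed when the window is absent or unparseable.
  if (!c || c.notOnOrAfter === null) return { ok: false, reason: 'no validity window' };
  if (Number.isNaN(c.notBefore) || Number.isNaN(c.notOnOrAfter)) {
    return { ok: false, reason: 'bad timestamp' };
  }
  if (c.notBefore !== null && now + SKEW_MS < c.notBefore) {
    return { ok: false, reason: 'not yet valid' };
  }
  if (now - SKEW_MS >= c.notOnOrAfter) return { ok: false, reason: 'expired' };
  return { ok: true, reason: 'valid' };
}

// One code path for both kinds of assertion: decrypt first if needed, then
// run the same condition check, so an encrypted assertion cannot skip it.
function acceptAssertion(response, decrypt, now = Date.now()) {
  const xml = response.encrypted ? decrypt(response.encrypted) : response.plain;
  return checkConditions(xml, now);
}

// Constructed sample data. fakeDecrypt stands in for real XML decryption.
const SAMPLE = '<saml:Assertion ID="_constructed1"><saml:Conditions ' +
  'NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">' +
  '</saml:Conditions></saml:Assertion>';
const fakeDecrypt = (b64) => Buffer.from(b64, 'base64').toString('utf8');
const ENCRYPTED_SAMPLE = { encrypted: Buffer.from(SAMPLE).toString('base64') };
```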