passport-wsfed-saml2
npm · 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting passport-wsfed-saml2
- CVE-2017-16897 · HIGH · CVSS 8.1 · EG 8.1 · ✓ Fixed in 3.0.5 · 2017-12-27
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provi…
- CVE-2022-23505 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 4.6.3 · 2022-12-13
Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A suc…
- CVE-2025-46572 · CRITICAL · CVSS 9.3 · EG 0.0 · ✓ Fixed in 4.6.4 · 2025-05-06
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication b…
- CVE-2025-46573 · HIGH · CVSS 8.6 · EG 0.0 · ✓ Fixed in 4.6.4 · 2025-05-06
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication b…