Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/passport-wsfed-saml2@0.2.0

Type npm

Namespace

Name passport-wsfed-saml2

Version 0.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.0.10

Latest_non_vulnerable_version 4.6.4

Affected_by_vulnerabilities

url VCID-yu7w-ma7x-7ydy

vulnerability_id VCID-yu7w-ma7x-7ydy

summary

Authentication Bypass by Spoofing
This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16897

reference_id

reference_type

scores

value	0.00422
scoring_system	epss
scoring_elements	0.62397
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16897

reference_url

https://github.com/auth0/passport-wsfed-saml2

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/passport-wsfed-saml2

reference_url

https://github.com/auth0/passport-wsfed-saml2/commit/520b9fc0bb4249ce83bec47e30153419f086ab70

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/passport-wsfed-saml2/commit/520b9fc0bb4249ce83bec47e30153419f086ab70

reference_url

https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-77fw-rf4v-vfp9

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-77fw-rf4v-vfp9

reference_url

https://auth0.com/docs/security/bulletins/cve-2017-16897

reference_id

CVE-2017-16897

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://auth0.com/docs/security/bulletins/cve-2017-16897

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16897

reference_id

CVE-2017-16897

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16897

fixed_packages

url pkg:npm/passport-wsfed-saml2@3.0.5

purl pkg:npm/passport-wsfed-saml2@3.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8kgf-qzn3-jbhm

vulnerability	VCID-htf4-ume6-k3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/passport-wsfed-saml2@3.0.5

aliases CVE-2017-16897, GHSA-77fw-rf4v-vfp9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yu7w-ma7x-7ydy

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/passport-wsfed-saml2@0.2.0

Package Instance