{"url":"http://public2.vulnerablecode.io/api/packages/626326?format=json","purl":"pkg:npm/passport-wsfed-saml2@3.0.7","type":"npm","namespace":"","name":"passport-wsfed-saml2","version":"3.0.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.6.4","latest_non_vulnerable_version":"4.6.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57260?format=json","vulnerability_id":"VCID-8kgf-qzn3-jbhm","summary":"Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping\n### Overview\nThis vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP.\n\n### Am I Affected?\nYou are affected by this SAML Signature Wrapping vulnerability if you are using `passport-wsfed-saml2` version 4.6.3 or below, specifically under the following conditions:\n1. The service provider is using `passport-wsfed-saml2`,\n2. 
A valid SAML document signed by the Identity Provider can be obtained.\n\n### Fix\nUpgrade to v4.6.4 or greater.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46572","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54041","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54008","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5403","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54034","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46572"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/auth0/passport-wsfed-saml2"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-06T20:42:56Z/"}],"url":"https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46572","reference_id":"CVE-2025-46572","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","sco
ring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46572"},{"reference_url":"https://github.com/advisories/GHSA-wjmp-wphq-jvqf","reference_id":"GHSA-wjmp-wphq-jvqf","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wjmp-wphq-jvqf"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-wjmp-wphq-jvqf","reference_id":"GHSA-wjmp-wphq-jvqf","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-06T20:42:56Z/"}],"url":"https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-wjmp-wphq-jvqf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85055?format=json","purl":"pkg:npm/passport-wsfed-saml2@4.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/passport-wsfed-saml2@4.6.4"}],"aliases":["CVE-2025-46572","GHSA-wjmp-wphq-jvqf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8kgf-qzn3-jbhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109455?format=json","vulnerability_id":"VCID-9434-ms8w-ubfc","summary":"Authentication Bypass for passport-wsfed-saml2\n# Overview\nA remote attacker can bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary IDP signed WSFed assertion. 
Depending on the IDP used, fully unauthenticated attacks (e.g. without access to a valid user) might also be feasible if generation of a signed message can be triggered.\n\n# Am I affected?\nYou are affected if you are using the WSFed protocol with the passport-wsfed-saml2 library versions < 4.6.3.\nThe SAML2 protocol is not affected.\n\n# How do I fix it?\nUpgrade the library to version 4.6.3.\n\n# Will the fix impact my users?\nNo, the fix will not impact your users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23505","reference_id":"","reference_type":"","scores":[{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61376","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61331","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61379","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61387","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61373","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61356","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23505"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/auth0/passport-wsfed-saml2"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2/pull/179","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}]
,"url":"https://github.com/auth0/passport-wsfed-saml2/pull/179"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-ppjq-qxhx-m25f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-ppjq-qxhx-m25f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23505","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23505"},{"reference_url":"https://github.com/advisories/GHSA-ppjq-qxhx-m25f","reference_id":"GHSA-ppjq-qxhx-m25f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ppjq-qxhx-m25f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146595?format=json","purl":"pkg:npm/passport-wsfed-saml2@4.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8kgf-qzn3-jbhm"},{"vulnerability":"VCID-htf4-ume6-k3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/passport-wsfed-saml2@4.6.3"}],"aliases":["CVE-2022-23505","GHSA-ppjq-qxhx-m25f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9434-ms8w-ubfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45465?format=json","vulnerability_id":"VCID-bwz4-nbfz-rqg2","summary":"passport-wsfed-saml2 Signature Bypass vulnerability\n## Information\nPlease note that this 
is not a new disclosure; it was previously reported in our [SECURITY-NOTICE.md](https://github.com/auth0/passport-wsfed-saml2/commit/520b9fc0bb4249ce83bec47e30153419f086ab70), which we removed in favor of a GitHub advisory.\n\n# Overview\n\nA vulnerability was found in the validation of a SAML signature. The validation does not ensure that the \"Signature\" tag is at the proper location inside an \"Assertion\" tag. This leads to a signature relocation attack where the attacker can corrupt one field of data while keeping the signature valid. This could allow an authenticated attacker to \"remove\" one group from the assertion or corrupt another field of an assertion.\n\n# Am I affected?\n\nYou are affected if you are using the passport-wsfed-saml2 library at a version < 3.0.10.\n\n# How do I fix it?\n\nYou may fix this issue by upgrading the passport-wsfed-saml2 library to version 3.0.10 or above.\n\n# Will the fix impact my users?\n\nThis fix patches the library that your application runs, but will not impact your users, their current state, or any existing 
sessions.","references":[{"reference_url":"https://github.com/auth0/passport-wsfed-saml2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/auth0/passport-wsfed-saml2"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2/commit/f75211d42d2586a0d24a9da29ba8590e42363500","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/auth0/passport-wsfed-saml2/commit/f75211d42d2586a0d24a9da29ba8590e42363500"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2/pull/79","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/auth0/passport-wsfed-saml2/pull/79"},{"reference_url":"https://github.com/advisories/GHSA-5wrg-8fxp-cx9r","reference_id":"GHSA-5wrg-8fxp-cx9r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5wrg-8fxp-cx9r"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-5wrg-8fxp-cx9r","reference_id":"GHSA-5wrg-8fxp-cx9r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-5wrg-8fxp-cx9r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65681?format=json","purl":"pkg:npm/passport-wsfed-saml2@3.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8kgf-qzn3-jbhm"},{"vulnerability":"VCID-9434-ms8w-ubfc"},{"vulnerability":"VCID-htf4-ume6-k3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/passport-wsfed-saml2@3.0.10"}],"aliases":["GHSA-5wrg-8fxp-cx9r","GMS-2023-1886"]
,"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwz4-nbfz-rqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57261?format=json","vulnerability_id":"VCID-htf4-ume6-k3a9","summary":"Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling\n### Overview\nThis vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response.\n\n### Am I Affected?\nYou are affected by this SAML Attribute Smuggling vulnerability if you are using `passport-wsfed-saml2` version 4.6.3 or below, specifically under the following conditions:\n1. The service provider is using `passport-wsfed-saml2`, \n2. A valid SAML Response signed by the Identity Provider can be obtained\n\n### Fix\nUpgrade to v4.6.4 or greater.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46573","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46553","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46539","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46528","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46573","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46574","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46573"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements"
:""}],"url":"https://github.com/auth0/passport-wsfed-saml2"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T13:46:09Z/"}],"url":"https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46573","reference_id":"CVE-2025-46573","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46573"},{"reference_url":"https://github.com/advisories/GHSA-8gqj-226h-gm8r","reference_id":"GHSA-8gqj-226h-gm8r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8gqj-226h-gm8r"},{"reference_url":"https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-8gqj-226h-gm8r","reference_id":"GHSA-8gqj-226h-gm8r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements
":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T13:46:09Z/"}],"url":"https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-8gqj-226h-gm8r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85055?format=json","purl":"pkg:npm/passport-wsfed-saml2@4.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/passport-wsfed-saml2@4.6.4"}],"aliases":["CVE-2025-46573","GHSA-8gqj-226h-gm8r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-htf4-ume6-k3a9"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/passport-wsfed-saml2@3.0.7"}