Description
Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Remediation
References
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
https://www.kb.cert.org/vuls/id/475445
Related Vulnerabilities
CVE-2022-42889 Vulnerability in maven package org.apache.commons:commons-text
CVE-2024-36401 Vulnerability in maven package org.geoserver:gs-wfs
CVE-2022-31192 Vulnerability in maven package org.dspace:dspace-jspui
CVE-2022-35204 Vulnerability in maven package org.webjars.npm:vite
CVE-2021-41183 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui