CNNVD-202507-3126 Information

CNNVD ID

CNNVD-202507-3126

CVE-2025-54369

  • CNNVD Published: 2025-07-24

Description (Chinese)

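node-saml is a SAML library that runs in Node.js and does not depend on any framework. Node-SAML 5.0.1 and earlier versions contain a data forgery vulnerability, which stems from the assertion document not being verified and may allow authentication details in the SAML assertion to be modified.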

Description (English)

Node-saml is a SAML library that runs in Node.js and does not depend on any framework. Node-SAML 5.0.1 and earlier versions contain a data forgery vulnerability, which stems from an unverified assertion document and may lead to modification of authentication details in SAML assertions.

Hazard Level

Low

Vulnerability Type

Data forgery issue

Affected Vendor

Individual developer

Published

2025-07-24

Last Modified

2026-02-24

References

  • https://github.com/node-saml/node-saml/security/advisories/GHSA-m837-g268-mmv7
  • https://github.com/node-saml/node-saml/releases/tag/v5.1.0
  • https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10
  • https://access.redhat.com/security/cve/cve-2025-54369

Patch

https://github.com/node-saml/node-saml/releases
