
CVE-2021-39171: Unlimited transforms allowed for signed nodes

CVSS Score: 5.3 (CVSS v3.1)

Basic Information

EPSS Score: 0.57549%
Published: 8/30/2021
Updated: 2/10/2024
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| passport-saml | npm | < 3.1.0 | 3.1.0 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from missing validation of the number of Transform elements in XML signatures. The fixing commit adds XPath-based transform counting and rejection logic in saml.ts, specifically in the signature validation path. Before the patch, the validation routine would process an unlimited number of transforms from attacker-controlled SAML payloads, enabling CPU-intensive processing attacks. The vulnerable function is the signature validation logic in the SAML class, where transforms were not limited prior to the patch.
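The check described above, written as an added example that is not passport-saml's own code: it counts the Transform elements under each XML-Signature Reference (the equivalent of the XPath `.//*[local-name()='Transform']`) and rejects the document before any canonicalisation work is done. The limit of 2 and the SAML Response skeleton are assumptions made for the example; a normal SAML signature carries exactly two transforms (enveloped-signature followed by exclusive canonicalisation).

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
MAX_TRANSFORMS = 2  # assumption: enveloped-signature + exc-c14n is the normal pair


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tag names."""
    return tag.rsplit("}", 1)[-1]


def transforms_per_reference(xml_text):
    """Number of Transform elements under each Reference, in document order."""
    root = ET.fromstring(xml_text)
    counts = []
    for elem in root.iter():
        if local_name(elem.tag) == "Reference":
            counts.append(sum(1 for t in elem.iter() if local_name(t.tag) == "Transform"))
    return counts


def check_transform_count(xml_text, limit=MAX_TRANSFORMS):
    """Reject the document if any Reference carries more than `limit` transforms.
    Runs before signature verification, so an oversized payload costs only a parse."""
    counts = transforms_per_reference(xml_text)
    for n in counts:
        if n > limit:
            raise ValueError(f"Invalid signature: too many transforms ({n} > {limit})")
    return counts


def build_signed_response(algorithms):
    """Constructed SAML Response skeleton (not real traffic) whose single
    Reference carries one Transform per algorithm URI given."""
    transforms = "".join(f'<ds:Transform Algorithm="{a}"/>' for a in algorithms)
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:ds="{DS_NS}" ID="_resp1">'
        '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_resp1">'
        f"<ds:Transforms>{transforms}</ds:Transforms>"
        "</ds:Reference></ds:SignedInfo></ds:Signature></samlp:Response>"
    )


# Constructed inputs: a normal signature, and one of the kind the advisory describes,
# where the same transform is repeated many times to burn CPU during validation.
NORMAL = build_signed_response([
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
])
FLOOD = build_signed_response(["http://www.w3.org/2001/10/xml-exc-c14n#"] * 500)
```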

WAF Protection Rules

WAF Rule

### Impact

A malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack.

### Patches

This
