Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -

Technology
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| node-saml | npm | < 4.0.0-beta.5 | 4.0.0-beta.5 |
The vulnerability stems from missing XML structure validation in signature checking. The pre-patch code in src/saml.ts (lines 691-693) validated the signature on doc.documentElement only and never checked that the parsed document contained exactly one root element. The fixing commit added a check that the document has exactly one valid root node, counting only those childNodes that carry a tagName so that the XML declaration, comments and whitespace-only text are not mistaken for roots. That the fix is a structural check indicates the previous implementation was exposed to XML signature wrapping with multiple root elements: a document whose first element carries a valid signature can be followed by a second, unsigned top-level element, and a check scoped to documentElement alone never sees it. The affected function is part of the SAML class's signature validation flow, which makes it the vulnerable component.
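The root-count check described above, reproduced as an added example that is not node-saml's own code. It runs offline without a DOM library by listing a document's top-level nodes with a minimal scanner, then applies the same rule the patch applies to childNodes: keep only nodes that have a tagName and require exactly one. The helper names (topLevelNodes, countRootElements, assertSingleRoot, documentElement) and the two sample documents are constructed for this example; the signatures in them are placeholders, not real XML-DSig values.

```javascript
// Added example, not code from node-saml. Demonstrates the "exactly one root
// element" structural check behind the fix, using a small hand-written XML
// scanner in place of a DOM parser so it runs with no dependencies.

// Index of the '>' that closes the tag opening at `start`, skipping any '>'
// that appears inside a quoted attribute value.
function findTagEnd(xml, start) {
  let quote = null;
  for (let i = start + 1; i < xml.length; i++) {
    const c = xml[i];
    if (quote) {
      if (c === quote) quote = null;
    } else if (c === '"' || c === "'") {
      quote = c;
    } else if (c === '>') {
      return i;
    }
  }
  throw new Error('unterminated tag');
}

// Nodes at depth 0 of the document, in order. Element nodes carry a tagName,
// like DOM elements; declarations, comments, DOCTYPE and whitespace do not,
// matching the nodes the patched check filters out. (Hypothetical helper.)
function topLevelNodes(xml) {
  const nodes = [];
  let depth = 0;
  let i = 0;
  while (i < xml.length) {
    if (xml[i] !== '<') {
      let next = xml.indexOf('<', i);
      if (next === -1) next = xml.length;
      if (depth === 0 && xml.slice(i, next).trim() !== '') nodes.push({ type: 'text' });
      i = next;
      continue;
    }
    if (xml.startsWith('<!--', i)) {
      const end = xml.indexOf('-->', i);
      if (end === -1) throw new Error('unterminated comment');
      if (depth === 0) nodes.push({ type: 'comment' });
      i = end + 3;
      continue;
    }
    if (xml.startsWith('<![CDATA[', i)) {
      const end = xml.indexOf(']]>', i);
      if (end === -1) throw new Error('unterminated CDATA section');
      if (depth === 0) nodes.push({ type: 'text' });
      i = end + 3;
      continue;
    }
    if (xml.startsWith('<?', i)) {
      const end = xml.indexOf('?>', i);
      if (end === -1) throw new Error('unterminated processing instruction');
      if (depth === 0) nodes.push({ type: 'pi' });
      i = end + 2;
      continue;
    }
    if (xml.startsWith('<!', i)) {
      const end = findTagEnd(xml, i);
      if (depth === 0) nodes.push({ type: 'doctype' });
      i = end + 1;
      continue;
    }
    const end = findTagEnd(xml, i);
    const body = xml.slice(i + 1, end).trim();
    if (body.startsWith('/')) {
      depth -= 1;
      if (depth < 0) throw new Error('unbalanced closing tag');
    } else {
      if (depth === 0) nodes.push({ type: 'element', tagName: body.split(/[\s/]/, 1)[0] });
      if (!body.endsWith('/')) depth += 1; // self-closing tags do not open a level
    }
    i = end + 1;
  }
  if (depth !== 0) throw new Error('unclosed element');
  return nodes;
}

// Pre-patch view: only the first element (documentElement) is ever looked at,
// so a second top-level element is invisible to a documentElement-only check.
function documentElement(xml) {
  const first = topLevelNodes(xml).find((n) => n.type === 'element');
  return first ? first.tagName : null;
}

// Post-patch rule: filter top-level nodes to those with a tagName and require
// exactly one, so the declaration and comments do not count as roots.
function countRootElements(xml) {
  return topLevelNodes(xml).filter((n) => n.type === 'element').length;
}

function assertSingleRoot(xml) {
  if (countRootElements(xml) !== 1) {
    throw new Error('SAML document must have exactly one root element');
  }
}

// Constructed sample: a well-formed response with one root. The signature
// value is a placeholder string, not a real signature.
const SINGLE_ROOT = `<?xml version="1.0"?>
<!-- constructed sample, issued by a test IdP -->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_a1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Subject>alice</saml:Subject></saml:Assertion>
</samlp:Response>`;

// Constructed sample: the same document followed by a second, unsigned root
// carrying a different subject. documentElement still points at the first one.
const TWO_ROOTS = SINGLE_ROOT + `
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_b2">
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Subject>admin</saml:Subject></saml:Assertion>
</samlp:Response>`;
```

Calling assertSingleRoot(TWO_ROOTS) throws while documentElement(TWO_ROOTS) still returns the first, signed samlp:Response, which is the gap the structural check closes: a check that only inspects documentElement cannot notice the second root at all. In a real service the check belongs before any XPath or assertion extraction runs over the document, not after the signature has already been accepted.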