Advisories for Npm/Samlify package

A Signature Wrapping attack has been found in samlify <v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider.

An XML Signature Wrapping vulnerability exists in Samlify which could allow attackers to impersonate arbitrary users.