Количество 2
Количество 2
CVE-2021-39171
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. This has been resolved in version 3.1.0. The resolution is to limit the number of allowable transforms to 2.
GHSA-5379-r78w-42h2
Unlimited transforms allowed for signed nodes
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-39171 Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. This has been resolved in version 3.1.0. The resolution is to limit the number of allowable transforms to 2. | CVSS3: 5.3 | 0% Низкий | больше 4 лет назад |
| GHSA-5379-r78w-42h2 Unlimited transforms allowed for signed nodes | CVSS3: 5.3 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу