CVE-2017-1000452

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt