Jindazhao01

#48386 of 53,633
5.3 Total CVSS
Vulnerabilities · 1
PT-2023-27307
CVSS 5.3
2023-08-21
Node-Saml · Node-Saml · CVE-2023-40178

**Name of the Vulnerable Software and Affected Versions**

Node-SAML versions prior to 4.0.5

**Description**

The LogoutRequest validation does not check the current timestamp against the `NotOnOrAfter` attribute, so a LogoutRequest XML can be reused multiple times even when the current time is past `NotOnOrAfter`. A user could therefore be logged out by a replayed, expired LogoutRequest. In bigger contexts, if LogoutRequests are sent out in mass to different SPs, this could impact many users on a large scale.

**Recommendations**

For versions prior to 4.0.5, update to version 4.0.5 to resolve the issue. As a temporary workaround, consider implementing additional timestamp validation for LogoutRequest XML to prevent reuse of expired requests. Restrict access to the `validatePostRequestAsync()` function in saml.js to minimize the risk of exploitation. Avoid using the `NotOnOrAfter` parameter in the affected API endpoint until the issue is resolved.
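The kind of timestamp check the workaround refers to, as an added example that is not node-saml's own code: it reads `NotOnOrAfter` from the root LogoutRequest element and rejects the request once that instant has passed. The sample XML, the function names and the clock-skew parameter are constructed for this illustration.

```javascript
// Added example (not node-saml's code): validate the NotOnOrAfter attribute of a
// SAML 2.0 LogoutRequest before acting on it, so an expired request cannot be replayed.
// The sample XML and function names below are constructed for this illustration.

// Constructed LogoutRequest carrying a NotOnOrAfter bound.
const SAMPLE_LOGOUT_REQUEST = `<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed-id-1" Version="2.0"
  IssueInstant="2023-08-21T11:55:00Z"
  NotOnOrAfter="2023-08-21T12:00:00Z"
  Destination="https://sp.example/logout">
  <saml:Issuer>https://idp.example</saml:Issuer>
  <saml:NameID>user@example</saml:NameID>
</samlp:LogoutRequest>`;

// Pull the NotOnOrAfter attribute off the root LogoutRequest element.
// Returns a Date, or null when the attribute is absent or unparsable.
function extractNotOnOrAfter(xml) {
  const root = xml.match(/<(?:\w+:)?LogoutRequest\b[^>]*>/);
  if (!root) return null;
  const attr = root[0].match(/\bNotOnOrAfter="([^"]+)"/);
  if (!attr) return null;
  const d = new Date(attr[1]);
  return Number.isNaN(d.getTime()) ? null : d;
}

// SAML semantics: the instant named by NotOnOrAfter is itself already invalid,
// so the request is expired when now >= NotOnOrAfter (after tolerating clock skew).
// A missing attribute is treated as "no bound" here; a stricter deployment may reject it.
function isLogoutRequestExpired(xml, now = new Date(), clockSkewMs = 0) {
  const bound = extractNotOnOrAfter(xml);
  if (bound === null) return false;
  return now.getTime() >= bound.getTime() + clockSkewMs;
}

// Gate a service provider would place before processing the logout.
function checkLogoutRequestTime(xml, now = new Date(), clockSkewMs = 0) {
  if (isLogoutRequestExpired(xml, now, clockSkewMs)) {
    return { ok: false, reason: 'LogoutRequest NotOnOrAfter has passed' };
  }
  return { ok: true };
}

// Usage: a request presented after its bound is refused, one presented before it is accepted.
console.log(checkLogoutRequestTime(SAMPLE_LOGOUT_REQUEST, new Date('2023-08-21T12:05:00Z')));
console.log(checkLogoutRequestTime(SAMPLE_LOGOUT_REQUEST, new Date('2023-08-21T11:58:00Z')));
```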