PT-2021-22429 · Unknown · Passport-Saml

Pp-Ps

Published: 2021-08-27
Updated: 2021-09-07
CVE-2021-39171
CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Passport-SAML versions prior to 3.1.0

Description: A malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack.

Recommendations: For versions prior to 3.1.0, update to version 3.1.0 to resolve the issue by limiting the number of allowable transforms to 2. As a temporary workaround, consider restricting the processing of SAML payloads to minimize the risk of exploitation.
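As an added example, not part of this advisory and not passport-saml's own code: a defender-side guard that counts the Transform elements under each Reference of an incoming SAML document and rejects it when any exceeds 2, the cap the 3.1.0 fix applies. Element names are matched on the raw XML before any signature processing, so the check is cheap even on an oversized payload; the sample documents and the function names are constructed for this example.

```javascript
// Added example, not code from passport-saml. A pre-parse guard that refuses
// a SAML document whose Signature references declare more transforms than
// the cap the 3.1.0 fix applies (2).
const MAX_TRANSFORMS = 2;

// Count <Transform> elements inside each <Reference>, tolerating any
// namespace prefix (ds:, dsig:, none). The trailing \b keeps the enclosing
// <Transforms> wrapper from being counted as a transform.
function countTransformsPerReference(xml) {
  const refRe = /<(?:[\w.-]+:)?Reference\b[^>]*>([\s\S]*?)<\/(?:[\w.-]+:)?Reference>/g;
  const xfRe = /<(?:[\w.-]+:)?Transform\b/g;
  const counts = [];
  let m;
  while ((m = refRe.exec(xml)) !== null) {
    counts.push((m[1].match(xfRe) || []).length);
  }
  return counts;
}

// Returns { ok, counts, offendingReference }: ok is false as soon as any
// Reference exceeds `max`; offendingReference is its index, or -1 if none.
function checkTransformLimit(xml, max = MAX_TRANSFORMS) {
  const counts = countTransformsPerReference(xml);
  const offendingReference = counts.findIndex((c) => c > max);
  return { ok: offendingReference === -1, counts, offendingReference };
}

// Constructed sample documents (not real IdP output): one Reference carrying
// the given number of transforms. Two is within the cap; fifty is not.
function buildResponse(numTransforms) {
  const transform =
    '<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>';
  return (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">' +
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>' +
    '<ds:Reference URI="#_assertion"><ds:Transforms>' +
    transform.repeat(numTransforms) +
    '</ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature></samlp:Response>'
  );
}
const BENIGN_RESPONSE = buildResponse(2);
const OVERSIZED_RESPONSE = buildResponse(50);

console.log(checkTransformLimit(BENIGN_RESPONSE));    // ok: true,  counts: [2]
console.log(checkTransformLimit(OVERSIZED_RESPONSE)); // ok: false, counts: [50]
```

Run the guard before handing the document to the signature library, and log the rejected count so a flood of oversized payloads shows up in monitoring.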

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-39171
GHSA-5379-R78W-42H2

Affected Products

Passport-Saml