14147 matches found
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language SAML authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and...
CVE-2025-27407
A flaw was found in graphql-ruby. In affected versions of graphq-ruby, loading a malicious schema definition in the GraphQL::Schema.fromintrospection or the GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...
CVE-2020-36843
The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous signature...
CVE-2025-25292
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...
DEBIAN-CVE-2025-25292
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...
CVE-2025-25293
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...
CVE-2025-25291
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...
DEBIAN-CVE-2025-25291
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...
DEBIAN-CVE-2025-25293
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...
UBUNTU-CVE-2025-25292
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...
UBUNTU-CVE-2025-25291
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...
UBUNTU-CVE-2025-25293
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...
GHSA-754F-8GM6-C4R2 Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to differences in XML document namespace parsing between REXML and Nokogiri, implemented in xmlsecurity.rb. An attacker can bypass authentication via Signature Wrapping attack...
CVE-2025-25292 Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...
CVE-2025-25292
Ruby-saml contains an authentication bypass vulnerability caused by a parser differential between ReXML and Nokogiri. The issue affects versions older than 1.12.4 and 1.18.0, enabling a Signature Wrapping attack that can lead to bypassing SAML authentication. A patch exists in versions 1.12.4 and...
CVE-2025-25292 Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...
CVE-2025-25292 Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...
CVE-2025-25292
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...