PT-2025-11129
Name of the Vulnerable Software and Affected Versions ruby-saml versions prior to 1.12.4 and 1.18.0 Description An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, generating entirely different document structures...
OneLogin ruby-saml Security Vulnerability
OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for Single Sign-On (SSO) services from OneLogin, USA. A security vulnerability exists in OneLogin ruby-saml versions prior to 1.12.4 and 1.18.0, which stems from a parser difference that could lead to...
Out-of-bounds Read in Ruby JSON Parser
Impact A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. Patches Version 2.10.2 fixes the problem. Workarounds None...
OneLogin ruby-saml Security Vulnerability
OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for Single Sign-On (SSO) services from OneLogin, USA. A security vulnerability exists in ruby-saml versions prior to 1.12.4 and 1.18.0, which stems from parser differences and could lead to authentication...
PT-2025-11128 · Ruby-Saml +3 · Ruby-Saml +3
Name of the Vulnerable Software and Affected Versions: ruby-saml versions prior to 1.12.4 and 1.18.0 Description: The issue is related to the ruby-saml library, which provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. The library is susceptible to remote Denial of Servi...
PT-2025-11114
Name of the Vulnerable Software and Affected Versions graphql-ruby versions 1.11.5 through 1.11.7 graphql-ruby versions 1.12.0 through 1.12.24 graphql-ruby versions 1.13.0 through 1.13.23 graphql-ruby versions 2.0.0 through 2.0.31 graphql-ruby versions 2.1.0 through 2.1.13 graphql-ruby versions...
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...
Ruby Buffer Error Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer Yukihiro Matsumoto. A buffer error vulnerability exists in Ruby versions from 2.10.0 up to, but not including, 2.10.2, which stems from a specially crafted document that may cause an out-of-bounds...
PT-2025-11127 · Ruby-Saml +3 · Ruby-Saml +3
Name of the Vulnerable Software and Affected Versions: ruby-saml versions prior to 1.12.4 and 1.18.0 Description: An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different...
PT-2025-11124
Name of the Vulnerable Software and Affected Versions OpenShift affected versions not specified Ruby affected versions not specified Description The issue concerns credential exposure in OpenShift and an out-of-bounds read in Ruby. Recommendations At the moment, there is no information about a...
OPENSUSE-SU-2025:14875-1 ruby3.4-rubygem-rack-3.1.12-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-rack-3.1.12-1.1 package on the GA media of openSUSE Tumbleweed...
UBUNTU-CVE-2025-27610
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...
GHSA-7WQH-767X-R66V vulnerabilities
Vulnerabilities for packages: ruby4.0-rack, ruby3.2-rails, ruby3.4-rails, ruby3.3-rails, kube-fluentd-operator, logstash, ruby3.4-rack, gitlab-cng, ruby3.2-rack, ruby3.3-rack...
GHSA-7WQH-767X-R66V vulnerabilities
Vulnerabilities for packages: logstash, ruby3.4-rails, ruby3.2-rack, ruby4.0-rack, ruby3.4-rack, kube-fluentd-operator, ruby3.2-rails, ruby3.3-rack...
CVE-2025-27610
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...
CVE-2025-27610 Local File Inclusion in Rack::Static
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...
Debian dla-4082 : libruby2.7 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4082 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4082-1 [email protected]...