14168 matches found
CVE-2025-66567
The CVE-2025-66567 issue affects ruby-saml, where versions up to and including 1.12.4 implement a SAML SSO client but contain an authentication bypass due to an incomplete fix for CVE-2025-25292. The root cause is a parser differential: ReXML and Nokogiri parse XML differently, producing differen...
CVE-2025-66567 ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...
CVE-2025-66567 ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...
PT-2025-49775
Name of the Vulnerable Software and Affected Versions ruby-saml versions through 1.12.4 Description The ruby-saml library, which handles SAML authorization on the client side, has a flaw that could allow an attacker to bypass authentication. This is due to how the library processes XML data using...
PT-2025-49774
Name of the Vulnerable Software and Affected Versions ruby-saml versions up to and including 1.12.4 Description The ruby-saml library, used for SAML authorization on the client side, has an authentication bypass issue. This is due to an incomplete fix related to a previous issue. Differences in h...
OneLogin ruby-saml 数据伪造问题漏洞
Onelogin OneLogin ruby-saml is a Ruby-based SAML Security Assertion Markup Language library for Single Sign-On SSO services from Onelogin, USA. A data forgery issue vulnerability exists in OneLogin ruby-saml version 1.12.4 and earlier, which stems from XML parsing differences and could lead to...
Ruby SAML 数据伪造问题漏洞
Ruby SAML is a SAML-Toolkits open source implementation of a SAML authorization client. Ruby SAML 1.12.4 and prior versions suffer from a Data Forgery Issue vulnerability that stems from a flaw in the libxml2 normalization process that could lead to authentication bypass...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the libxml2 canonicalization process. An attacker can bypass authentication and replay signatures by crafting XML input that causes canonicalization to yield an empty string, leading ...
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue at libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to be able to execute a Signature Wrapping attack. The vulnerability does not...
GHSA-X4H9-GWV3-R4M4 Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue at libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to be able to execute a Signature Wrapping attack. The vulnerability does not...
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to differences in XML document namespace parsing between REXML and Nokogiri, implemented in xmlsecurity.rb. An attacker can bypass authentication via Signature Wrapping attack. Note:...
GHSA-9V8J-X534-2FX3 Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker...
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker...
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue at libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to be able to execute a Signature Wrapping attack. The vulnerability does not...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Shares
Summary Multiple vulnerabilities were addressed in IBM Aspera Shares version 1.11.0. Vulnerability Details CVEID:CVE-2017-17718 DESCRIPTION: The Net::LDAP aka net-ldap gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. CWE:CWE-295: Improper Certificate Validation CVSS Source: IBM...
SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2025:4264-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4264-1 advisory. - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling...
ROS-20251203-19
Vulnerability in the Ruby programming language library that implements the MQTT protocol Rubygem MQTT is related to the lack of hostname validation. Exploitation of the vulnerability could allow A remote attacker to perform a man-in-the-middle attack...
Malicious code in pg_result_init (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 007d07edb120233aab0539e4646e8b634d2a95e2df9e6179bb9b2b6eb90f5a97 The OpenSSF Package Analysis project identified 'pgresultinit' @ 2.0.9 rubygems as malicious. It is considered malicious because: - The package...
MAL-2025-191667 Malicious code in pg_result_init (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 007d07edb120233aab0539e4646e8b634d2a95e2df9e6179bb9b2b6eb90f5a97 The OpenSSF Package Analysis project identified 'pgresultinit' @ 2.0.9 rubygems as malicious. It is considered malicious because: - The package...