Lucene search

6914 matches found

EUVD
added 2025/12/09 2:3 a.m. | 5 views

EUVD-2025-201828

The ruby-saml library implements the client side of a SAML authorization. Versions up to and including 1.12.4 are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

CVSS 9.3 | AI score 6.7 | EPSS 0.00207
Exploits: 0 | References: 3
CVE
added 2025/12/09 2:3 a.m. | 20 views

CVE-2025-66568

CVE-2025-66568 affects the ruby-saml library (client-side SAML) with versions up to 1.12.4 vulnerable to authentication bypass via libxml2 canonicalization used by Nokogiri. On invalid XML input, canonicalization can return an empty string, causing DigestValue to be computed over that empty strin...

CVSS 9.3 | AI score 6.8 | EPSS 0.00207
Exploits: 0 | References: 2 | Affected Software: 1
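The failure mode the ruby-saml and xmlseclibs entries on this page describe (canonicalization silently returning an empty string on input it cannot process, with DigestValue then computed over that empty string) is shown below in an added Ruby example. This is not code from ruby-saml, xmlseclibs, Nokogiri or libxml2: the canonicalizer is a toy stand-in (an assumption) that reproduces the described behaviour, and every helper name is invented for the illustration. The point it makes is that SHA-256 of the empty string is a fixed constant, so a reference whose DigestValue is that constant "verifies" against any element the canonicalizer gives up on, unless the verifier fails closed.

```ruby
require 'digest'

# Base64 (strict, no newlines) of SHA-256(""): the value a verifier ends up
# comparing against whenever canonicalization silently yields an empty string.
EMPTY_SHA256_B64 = [Digest::SHA256.digest("")].pack("m0")

class CanonicalizationError < StandardError; end

# Toy stand-in for libxml2/Nokogiri C14N (assumption, not the real library):
# well-formed input is returned as-is, malformed input yields "" instead of an
# error, mirroring the failure mode the advisories describe.
def mock_canonicalize(xml)
  return "" unless crude_well_formed?(xml)
  xml.strip
end

# Deliberately crude well-formedness test (balanced angle brackets, root
# opening tag matches the final closing tag); enough to drive the demo.
def crude_well_formed?(xml)
  return false unless xml.count("<") == xml.count(">")
  first = xml[/\A\s*<([A-Za-z_][\w:.-]*)/, 1]
  last  = xml[%r{</([A-Za-z_][\w:.-]*)>\s*\z}, 1]
  !first.nil? && first == last
end

# Vulnerable pattern: hash whatever canonicalization returned and compare.
# An empty canonical form is hashed like any other input, so a reference whose
# DigestValue is SHA-256("") matches every element C14N could not process.
def digest_matches_vulnerable?(xml, digest_value_b64)
  canon = mock_canonicalize(xml)
  [Digest::SHA256.digest(canon)].pack("m0") == digest_value_b64
end

# Hardened pattern: treat an empty canonical form as a hard failure, decode the
# claimed DigestValue strictly, and compare in constant time.
def digest_matches_hardened?(xml, digest_value_b64)
  canon = mock_canonicalize(xml)
  raise CanonicalizationError, "canonicalization produced no output" if canon.nil? || canon.empty?
  expected = Digest::SHA256.digest(canon)
  claimed  = digest_value_b64.unpack1("m0")   # strict base64; raises ArgumentError on bad input
  constant_time_equal?(expected, claimed)
end

def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: unbalanced element, so the toy canonicalizer yields "".
  crafted = "<Assertion><Subject>attacker</Subject>"
  puts "vulnerable check accepts crafted reference: #{digest_matches_vulnerable?(crafted, EMPTY_SHA256_B64)}"
  begin
    digest_matches_hardened?(crafted, EMPTY_SHA256_B64)
  rescue CanonicalizationError => e
    puts "hardened check rejects it: #{e.message}"
  end
end
```

The hardened variant does not try to be clever about why canonicalization came back empty; any empty or nil output is a verification failure, which is the fail-closed behaviour a signature verifier needs regardless of which XML library sits underneath.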
Debian CVE
added 2025/12/09 2:3 a.m. | 6 views

CVE-2025-66568

The ruby-saml library implements the client side of a SAML authorization. Versions up to and including 1.12.4 are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

CVSS 9.3 | AI score 5.5 | EPSS 0.00207
Exploits: 0
Positive Technologies
added 2025/12/09 12:0 a.m. | 5 views

PT-2025-49775

Name of the Vulnerable Software and Affected Versions: ruby-saml versions through 1.12.4. Description: The ruby-saml library, which handles SAML authorization on the client side, has a flaw that could allow an attacker to bypass authentication. This is due to how the library processes XML data using...

CVSS 9.3 | AI score 6.6 | EPSS 0.00207
Exploits: 0 | References: 11
Positive Technologies
added 2025/12/09 12:0 a.m. | 8 views

PT-2025-49776

Name of the Vulnerable Software and Affected Versions: xmlseclibs versions prior to 3.1.4. Description: xmlseclibs is a PHP library used for XML Encryption and Signatures. Versions of the library before 3.1.4 contain a flaw in the libxml2 canonicalization process during document transformation that...

CVSS 7.5 | AI score 6.8 | EPSS 0.00218
Exploits: 1 | References: 7
CNNVD
added 2025/12/09 12:0 a.m. | 6 views

Xmlseclibs security vulnerability

Xmlseclibs is a PHP library that handles XML encryption and signing. A security vulnerability exists in Xmlseclibs version 3.1.3, which stems from a flaw in the libxml2 canonicalization process and could lead to authentication bypass...

CVSS 7.5 | AI score 6.7 | EPSS 0.00218
Exploits: 1 | References: 4
CNNVD
added 2025/12/09 12:0 a.m. | 4 views

Ruby SAML data forgery vulnerability

Ruby SAML is the SAML-Toolkits open-source implementation of a SAML authorization client. Ruby SAML 1.12.4 and prior versions suffer from a data forgery vulnerability that stems from a flaw in the libxml2 canonicalization process and could lead to authentication bypass...

CVSS 9.3 | AI score 6.5 | EPSS 0.00207
Exploits: 0 | References: 2
OSV
added 2025/12/08 10:3 p.m. | 5 views

GHSA-X4H9-GWV3-R4M4 Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation

Summary In Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability caused by an issue in the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrapping attack. The vulnerability does not...

CVSS 9.3 | AI score 7.2 | EPSS 0.00207
Exploits: 0 | References: 5
Github Security Blog
added 2025/12/08 10:3 p.m. | 7 views

Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation

Summary In Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability caused by an issue in the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrapping attack. The vulnerability does not...

CVSS 9.3 | AI score 7.3 | EPSS 0.00207
Exploits: 0 | References: 5 | Affected Software: 1
Github Security Blog
added 2025/12/08 5:57 p.m. | 10 views

robrichards/xmlseclibs has a Libxml2 Canonicalization error which can bypass Digest/Signature validation

Summary An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by xmlseclibs during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created...

CVSS 7.5 | AI score 7.1 | EPSS 0.00218
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2025/12/08 5:57 p.m. | 4 views

GHSA-C4CC-X928-VJW9 robrichards/xmlseclibs has a Libxml2 Canonicalization error which can bypass Digest/Signature validation

Summary An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by xmlseclibs during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created...

CVSS 6 | AI score 7 | EPSS 0.00218
Exploits: 1 | References: 5
RubySec
added 2025/12/08 12:0 a.m. | 8 views

Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation

Summary In Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability caused by an issue in the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrapping attack. The vulnerability does not...

CVSS 9.3 | AI score 7 | EPSS 0.00207
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2025/12/05 6:10 p.m. | 4 views

CLSA-2025-1764958229 libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix NULL pointer dereference in xmlPatMatch in pattern.c...

CVSS 7.5 | AI score 6.7 | EPSS 0.01018
Exploits: 1 | References: 1
Tenable Nessus
added 2025/12/04 12:0 a.m. | 4 views

AlmaLinux 9 : libxml2 (ALSA-2025:22376)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:22376 advisory. libxslt: libxml2: Infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 Tenable has extracted the preceding description block...

CVSS 6.2 | AI score 4.8 | EPSS 0.00144
Exploits: 0 | References: 3
Tenable Nessus
added 2025/12/04 12:0 a.m. | 3 views

RHEL 9 : libxml2 (RHSA-2025:22162)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22162 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Infinite...

CVSS 6.2 | AI score 5 | EPSS 0.00144
Exploits: 0 | References: 5
Tenable Nessus
added 2025/12/04 12:0 a.m. | 6 views

RHEL 9 : libxml2 (RHSA-2025:22163)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22163 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Infinite...

CVSS 6.2 | AI score 5 | EPSS 0.00144
Exploits: 0 | References: 5
Tenable Nessus
added 2025/12/03 12:0 a.m. | 3 views

Ubuntu 14.04 LTS : libxml2 vulnerabilities (USN-7896-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7896-1 advisory. It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker could possibly use this issue to cause libxml2 ...

CVSS 7.8 | AI score 7 | EPSS 0.00527
Exploits: 3 | References: 4
Tenable Nessus
added 2025/12/03 12:0 a.m. | 6 views

RHEL 9 : libxml2 (RHSA-2025:22377)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22377 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Infinite...

CVSS 6.2 | AI score 5 | EPSS 0.00144
Exploits: 0 | References: 5
Tenable Nessus
added 2025/12/03 12:0 a.m. | 3 views

RHEL 9 : libxml2 (RHSA-2025:22177)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22177 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Infinite...

CVSS 6.2 | AI score 5 | EPSS 0.00144
Exploits: 0 | References: 5
Tenable Nessus
added 2025/12/03 12:0 a.m. | 4 views

RHEL 9 : libxml2 (RHSA-2025:22376)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22376 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Infinite...

CVSS 6.2 | AI score 5 | EPSS 0.00144
Exploits: 0 | References: 5