3 matches found
OneLogin ruby-saml Data Forgery Vulnerability
OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for single sign-on (SSO) services from OneLogin, USA. A data forgery vulnerability exists in OneLogin ruby-saml version 1.12.4 and earlier, which stems from XML parsing differences and could lead to...
OneLogin ruby-saml Command Injection Vulnerability
OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for single sign-on (SSO) services from OneLogin, USA. A security vulnerability exists in OneLogin ruby-saml prior to version 1.0.0, which stems from not using pre-defined statements, causing xmlsecurity.rb i...
CVE-2017-11428
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...