BIT-GITLAB-2025-25291 ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...

CVE-2025-25292

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...

CVE-2025-25292

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...

[SECURITY] [DLA 3949-1] ruby-saml security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3949-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 11, 2024 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 5774-1] ruby-saml security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5774-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2024 https://www.debian.org/security/faq -...