181 matches found

Cvelist · added 2025/03/12 8:11 p.m. · 14 views

CVE-2025-25293 ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...

CVSS 8.7 · EPSS 0.06225
Exploits 1 · References 9
Vulnrichment · added 2025/03/12 8:11 p.m. · 30 views

CVE-2025-25293 ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...

CVSS 8.7 · AI score 6.7 · EPSS 0.06225
Exploits 1 · References 9
Github Security Blog · added 2025/03/12 7:42 p.m. · 46 views

omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue

Summary There are 2 new Critical Signature Wrapping Vulnerabilities CVE-2025-25292, CVE-2025-25291 and a potential DDOS Moderated Vulnerability CVE-2025-25293 affecting ruby-saml, a dependency of omniauth-saml. The fix will be applied to ruby-saml and released 12 March 2025, under version 1.18.0...

CVSS 9.8 · AI score 6.2 · EPSS 0.20843
Exploits 3 · References 8 · Affected Software 1
OSV · added 2025/03/12 7:42 p.m. · 18 views

GHSA-HW46-3HMR-X9XV omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue

Summary There are 2 new Critical Signature Wrapping Vulnerabilities CVE-2025-25292, CVE-2025-25291 and a potential DDOS Moderated Vulnerability CVE-2025-25293 affecting ruby-saml, a dependency of omniauth-saml. The fix will be applied to ruby-saml and released 12 March 2025, under version 1.18.0...

CVSS 9.8 · AI score 6.2 · EPSS 0.20843
Exploits 3 · References 8
RubySec · added 2025/03/12 12:00 a.m. · 11 views

Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses

Summary ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. Ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before...

CVSS 8.7 · AI score 9.3 · EPSS 0.06225
Exploits 1 · References 1 · Affected Software 1
CNNVD · added 2025/03/12 12:00 a.m. · 1 view

OneLogin ruby-saml security vulnerability

Onelogin OneLogin ruby-saml is a Ruby-based SAML Security Assertion Markup Language library for Single Sign-On SSO services from Onelogin, USA. A security vulnerability exists in OneLogin ruby-saml versions prior to 1.12.4 and 1.18.0, which stems from a parser difference that could lead to...

CVSS 9.8 · AI score 9.5 · EPSS 0.03321
Exploits 1 · References 8
Positive Technologies · added 2025/03/12 12:00 a.m. · 2 views

PT-2025-11129

Name of the Vulnerable Software and Affected Versions ruby-saml versions prior to 1.12.4 and 1.18.0 Description An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, generating entirely different document structures...

CVSS 9.8 · AI score 10 · EPSS 0.20843
Exploits 3 · References 96
CNNVD · added 2025/03/12 12:00 a.m. · 2 views

OneLogin ruby-saml security vulnerability

Onelogin OneLogin ruby-saml is a Ruby-based SAML Security Assertion Markup Language library for Single Sign-On SSO services from Onelogin, USA. A security vulnerability exists in ruby-saml versions prior to 1.12.4 and 1.18.0, which stems from parser differences and could lead to authentication...

CVSS 9.8 · AI score 9.5 · EPSS 0.20843
Exploits 1 · References 8
Positive Technologies · added 2025/03/12 12:00 a.m. · 1 view

PT-2025-11128 · Ruby-Saml +3

Name of the Vulnerable Software and Affected Versions: ruby-saml versions prior to 1.12.4 and 1.18.0 Description: The issue is related to the ruby-saml library, which provides security assertion markup language SAML single sign-on SSO for Ruby. The library is susceptible to remote Denial of Servi...

CVSS 9.8 · AI score 7.4 · EPSS 0.20843
Exploits 3 · References 56
RubySec · added 2025/03/12 12:00 a.m. · 15 views

Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)

Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...

CVSS 9.8 · AI score 9.2 · EPSS 0.20843
Exploits 1 · References 1 · Affected Software 1
RubySec · added 2025/03/12 12:00 a.m. · 17 views

Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)

Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...

CVSS 9.8 · AI score 9.2 · EPSS 0.03321
Exploits 1 · References 1 · Affected Software 1
Positive Technologies · added 2025/03/12 12:00 a.m. · 1 view

PT-2025-11127 · Ruby-Saml +3

Name of the Vulnerable Software and Affected Versions: ruby-saml versions prior to 1.12.4 and 1.18.0 Description: An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different...

CVSS 9.8 · AI score 9.6 · EPSS 0.20843
Exploits 3 · References 98
OpenVAS · added 2025/03/03 12:00 a.m. · 9 views

Ubuntu: Security Advisory (USN-7309-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 · AI score 9.7 · EPSS 0.44644
Exploits 2 · References 2
Ubuntu · added 2025/02/28 5:30 p.m. · 14 views

USN-7309-1: Ruby SAML vulnerabilities

It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated attacker could use this vulnerability to log in as an arbitrary user. This issue only affected Ubuntu 16.04 LTS. CVE-2016-5697 It was discovered that Ruby SAML incorrectly utilized the results of XML DOM...

CVSS 10 · AI score 8.3 · EPSS 0.44644
Exploits 2
OSV · added 2025/02/28 5:30 p.m. · 0 views

USN-7309-1 Ruby SAML vulnerabilities

It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated attacker could use this vulnerability to log in as an arbitrary user. This issue only affected Ubuntu 16.04 LTS. CVE-2016-5697 It was discovered that Ruby SAML incorrectly utilized the results of XML DOM...

CVSS 10 · AI score 7.3 · EPSS 0.44644
Exploits 2 · References 4
Tenable Nessus · added 2025/02/28 12:00 a.m. · 15 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Ruby SAML vulnerabilities (USN-7309-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7309-1 advisory. It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated...

CVSS 10 · AI score 8.6 · EPSS 0.44644
Exploits 2 · References 4
RedhatCVE · added 2025/02/05 6:17 p.m. · 11 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

CVSS 9.8 · AI score 6.8 · EPSS 0.00374
Exploits 1 · References 1
Debian · added 2024/11/11 3:03 p.m. · 12 views

[SECURITY] [DLA 3949-1] ruby-saml security update

Debian LTS Advisory DLA-3949-1 · [email protected] · https://www.debian.org/lts/security/ · Abhijith PA · November 11, 2024 · https://wiki.debian.org/LTS ...

CVSS 10 · AI score 6.8 · EPSS 0.44644
Exploits 1
OSV · added 2024/11/11 12:00 a.m. · 14 views

DLA-3949-1 ruby-saml - security update

Bulletin has no description...

CVSS 10 · AI score 9.4 · EPSS 0.44644
Exploits 1
OpenVAS · added 2024/11/11 12:00 a.m. · 8 views

Debian: Security Advisory (DLA-3949-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 · AI score 7.2 · EPSS 0.44644
Exploits 1 · References 2