181 matches found
GHSA-36P7-XJW8-H6F2 Ruby-saml allows attackers to perform XML signature wrapping attacks
ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced 2 elements at the same time but passed the scheme validator process since 1 of the elements was inside the encrypted assertion. ruby-saml users must...
Ruby-saml allows attackers to perform XML signature wrapping attacks
ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced 2 elements at the same time but passed the scheme validator process since 1 of the elements was inside the encrypted assertion. ruby-saml users must...
Authorization Bypass
OmniAuth-saml is vulnerable to authentication bypass. The application uses a vulnerable version of ruby-saml, meaning it does not properly parse comments in certain XML nodes, causing text after a comment to be lost before signing the SAML Message. This allows a malicious user to modify a SAML...
Authentication Bypass
ruby-saml is vulnerable to authentication bypass. The application does not properly parse comments in certain XML nodes, causing text after a comment to be lost before signing the SAML Message. This allows a malicious user to modify a SAML message without invalidating the cryptographic signature...
Denial Of Service (DoS)
ruby-saml is vulnerable to denial of service (DoS) attacks. These attacks are possible because attackers can compress huge XML and pass it to the SAML endpoint. The deflate function allows the attacker to achieve a 1000:1 compression ratio, which can be used to cause denial of service attacks...
DEBIAN-CVE-2016-5697
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
CVE-2016-5697
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
UBUNTU-CVE-2016-5697
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
Design/Logic Flaw
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
CVE-2016-5697
CVE-2016-5697 concerns the Ruby-saml library before version 1.3.0, where improper handling of SAML signatures allows XML signature wrapping attacks via unspecified vectors. The vulnerability can enable an unauthenticated attacker to impersonate a user by abusing how SAML responses are validated (...
PT-2017-8747 · Ruby +2 · Ruby-Saml +2
Name of the Vulnerable Software and Affected Versions: ruby-saml versions prior to 1.3.0
Description: The issue allows attackers to perform XML signature wrapping attacks. This occurs in a specific scenario where a signature references two elements simultaneously, one of which is inside an...
FreeBSD : ruby-saml -- XML signature wrapping attack (3fcd52b2-4510-11e6-a15f-00248c0c745d)
RubySec reports: ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced 2 elements at the same time but passed the scheme validator process since 1 of the elements was inside the encrypted assertion...
Unspecified vulnerability in RubyGems ruby-saml
RubyGems ruby-saml is a set of SAML (Security Assertion Markup Language) development toolkits for the Ruby on Rails framework organized by RubyGems. A security vulnerability exists in RubyGems Ruby-saml versions prior to 1.3.0. An attacker could exploit this vulnerability to perform an XML signatur...
ruby-saml -- XML signature wrapping attack
RubySec reports: ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced 2 elements at the same time but passed the scheme validator process since 1 of the elements was inside the encrypted assertion...
XML signature wrapping attack
ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced 2 elements at the same time but passed the scheme validator process since 1 of the elements was inside the encrypted assertion. ruby-saml users must...
RubyGems ruby-saml 'xml_security.rb' command injection vulnerability
RubyGems ruby-saml is a set of SAML (Security Assertion Markup Language) development toolkits for the Ruby on Rails framework organized by RubyGems. A command injection vulnerability exists in RubyGems ruby-saml. A remote attacker could use this vulnerability to execute arbitrary shell commands in...
RubyGems ruby-saml XML External Entity Injection Vulnerability
RubyGems ruby-saml is a set of SAML (Security Assertion Markup Language) development toolkits for the Ruby on Rails framework organized by RubyGems. An XML external entity injection vulnerability exists in RubyGems ruby-saml. An attacker could exploit this vulnerability to cause a denial of service...