14173 matches found
XML Entity Expansion
Overview Affected versions of this package are vulnerable to XML Entity Expansion via the messagemaxbytesize setting configured in the decoderawsaml function. An attacker can cause resource exhaustion by submitting a specially crafted large SAML response that is validated for Base64 format before...
CVE-2025-54572
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...
DEBIAN-CVE-2025-54572
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...
UBUNTU-CVE-2025-54572
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...
CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...
CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...
CVE-2025-54572
CVE-2025-54572 is a DoS in the Ruby SAML library used for SAML client-side assertions. The initial description states affected versions are ≤1.18.0 with a fix in 1.18.1. A Debian LTS advisory confirms a patch and provides a Debian-specific fix version (1.11.0-1+deb11u3) and recommends upgrading t...
CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...
CVE-2025-54572
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...
Ruby SAML DOS vulnerability with large SAML response
Summary A denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. Details ruby-saml...
GHSA-RRQH-93C8-J966 Ruby SAML DOS vulnerability with large SAML response
Summary A denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. Details ruby-saml...
Ruby SAML DOS vulnerability with large SAML response
Summary A denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. Details ruby-saml...
Ruby SAML 安全漏洞
Ruby SAML is an open source implementation of a SAML authorization client from SAML-Toolkits. A security vulnerability exists in Ruby SAML version 1.18.0 and earlier, which stems from validating the Base64 format of a SAML response before checking the message size, and could lead to resource...
Medium: ruby
Issue Overview: Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific...
PT-2025-31391
Name of the Vulnerable Software and Affected Versions: ruby-saml versions 1.18.0 and below Description: The Ruby SAML library, used for implementing the client side of a SAML authorization, contains a denial-of-service vulnerability. The message max bytesize setting, intended to prevent resource...
RockyLinux 9 : ruby:3.1 (RLSA-2025:4488)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4488 advisory. rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace...
ruby:3.3 security update
An update is available for module.ruby, rubygem-pg, ruby, module.rubygem-pg, module.rubygem-mysql2, rubygem-mysql2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...
ruby:3.1 security update
An update is available for module.ruby, rubygem-pg, ruby, module.rubygem-pg, module.rubygem-mysql2, rubygem-mysql2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...
RLSA-2025:4493 Moderate: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion CVE-2025-25186 CGI: Denial of Service in CGI::Cookie.parse...
RLSA-2025:4488 Moderate: ruby:3.1 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...