OSV, added 2025/03/17 8:16 p.m.

RLSA-2024:10858 Important: ruby security update

Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Security fixes: rexml: REXML ReDoS vulnerability (CVE-2024-49761). For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.7 | AI score 6.6 | EPSS 0.01429
Exploits 0 | References 2
Veracode, added 2025/03/17 3:59 a.m.

Remote Denial Of Service (DoS)

ruby-saml is vulnerable to remote Denial of Service (DoS). The vulnerability is due to the message size check being performed before decompression, allowing attackers to bypass it using compressed SAML responses...

CVSS 8.7 | AI score 6.8 | EPSS 0.01359
Exploits 1 | References 14 | Affected software 1
BDU FSTEC, added 2025/03/17 12:00 a.m.

A vulnerability in the SAML SSO library Ruby SAML, and in the Git-based software platform for collaborative code development GitLab CE/EE, allows an attacker to bypass authentication.

The vulnerability in the SAML SSO library Ruby SAML, and in the Git-based software platform for collaborative code development GitLab CE/EE, is caused by errors in cryptographic signature verification. Exploiting this vulnerability could allow an attacker to bypass authentication...

CVSS 9.4 | AI score 7.5 | EPSS 0.19506
Exploits 1 | References 10 | Affected software 4
BDU FSTEC, added 2025/03/17 12:00 a.m.

A vulnerability in the GraphQL library for Ruby, and in the Git-based software platform for collaborative code development GitLab CE/EE, arises from improper control of code generation. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability in the GraphQL library for Ruby, and in the Git-based software platform for collaborative code development GitLab CE/EE, is caused by improper control of code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 9 | AI score 8.4 | EPSS 0.02865
Exploits 2 | References 12 | Affected software 3
BDU FSTEC, added 2025/03/17 12:00 a.m.

A vulnerability in the SAML SSO protocol implementation of the Ruby SAML library, and in the Git-based software platform for collaborative code development GitLab CE/EE, allows an attacker to bypass authentication.

The vulnerability in the SAML SSO protocol implementation of the Ruby SAML library, and in the Git-based software platform for collaborative code development GitLab CE/EE, is caused by errors in cryptographic signature verification. Exploiting this vulnerability could allow an attacker to bypass...

CVSS 9.4 | AI score 7.5 | EPSS 0.63792
Exploits 1 | References 11 | Affected software 4
RedhatCVE, added 2025/03/14 8:21 p.m.

CVE-2025-25293

ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...

CVSS 8.7 | AI score 6.9 | EPSS 0.01359
Exploits 1 | References 1
Snyk, added 2025/03/14 1:43 p.m.

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: camaleoncms is a dynamic and advanced content management system based on Ruby on Rails, offered as an alternative to WordPress. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes (mass assignment) via the updated_ajax method of the...

CVSS 9.9 | AI score 5.8 | EPSS 0.00566
Exploits 16 | References 2
NCSC, added 2025/03/14 9:14 a.m.

Vulnerabilities fixed in GitLab

GitLab has fixed vulnerabilities in GitLab EE/CE versions from 11.5 to 17.9.2. The vulnerabilities include an issue where users with custom permissions can approve more membership requests than they are entitled to, which can lead to unauthorized access to restricted areas within the platform. In...

CVSS 9.8 | AI score 9.8 | EPSS 0.63792
Exploits 6 | References 1
RedhatCVE, added 2025/03/14 7:19 a.m.

CVE-2025-27788

A flaw was found in the JSON gem for Ruby. This vulnerability causes an out-of-bounds read via a specially crafted document, possibly resulting in a crash. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

CVSS 7.5 | AI score 7.2 | EPSS 0.00665
Exploits 0 | References 6
Wolfi, added 2025/03/14 4:43 a.m.

GHSA-9M3Q-RHMV-5Q44 vulnerabilities

Vulnerabilities for packages: ruby3.4-json, ruby3.3-json, ruby3.2-json...

AI score 5.2
Exploits 0
CNNVD, added 2025/03/14 12:00 a.m.

CamaleonCMS security vulnerability

CamaleonCMS is an advanced dynamic content management system (CMS) based on Ruby on Rails by the CamaleonCMS team. A security vulnerability exists in CamaleonCMS that stems from a mass assignment flaw and could lead to elevation of privilege...

CVSS 9.4 | AI score 6.4 | EPSS 0.00566
Exploits 16 | References 3
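The two CamaleonCMS entries above (Snyk and CNNVD) describe the same class of bug: a controller action that copies every attribute the client sends onto a model object, so a self-service profile update can also rewrite a privileged attribute such as a role. The following is an added illustration written for this page; it is not CamaleonCMS code and says nothing about that project's actual controller. The `User` class, the attribute names, the `updated_ajax`-style update helpers and the request body are all hypothetical. It shows the vulnerable "assign whatever keys arrive" pattern beside an allowlist that drops and reports unexpected keys, which is the idea Rails strong parameters encode.

```ruby
# Hypothetical user model for the demonstration (not CamaleonCMS code).
class User
  ATTRIBUTES = %i[username email role].freeze
  attr_accessor(*ATTRIBUTES)

  def initialize(username:, email:, role: "editor")
    @username, @email, @role = username, email, role
  end

  def to_h
    ATTRIBUTES.to_h { |a| [a, public_send(a)] }
  end
end

# Vulnerable pattern: every key in the request becomes an attribute write.
# A low-privileged caller who adds "role" => "admin" escalates privilege,
# because the code trusts the client to decide which attributes change.
def update_user_vulnerable(user, params)
  params.each do |key, value|
    setter = "#{key}="
    user.public_send(setter, value) if user.respond_to?(setter)
  end
  user
end

# Hardened pattern: an explicit allowlist of attributes a self-service update
# may touch. Keys outside the list are never applied; they are returned so the
# caller can log them, since an unexpected "role" key is a signal worth seeing.
PERMITTED_SELF_SERVICE = %w[username email].freeze

def permit(params, allowed)
  permitted = params.select { |k, _| allowed.include?(k.to_s) }
  rejected  = params.keys.map(&:to_s) - allowed
  [permitted, rejected]
end

def update_user_safe(user, params, allowed: PERMITTED_SELF_SERVICE)
  permitted, rejected = permit(params, allowed)
  permitted.each { |key, value| user.public_send("#{key}=", value) }
  [user, rejected]
end

# Constructed request body: what an attacker with an ordinary account might POST.
ATTACK_PARAMS = {
  "username" => "mallory",
  "email"    => "mallory@example.test",
  "role"     => "admin"
}.freeze

if __FILE__ == $0
  victim = User.new(username: "mallory", email: "old@example.test")
  puts "vulnerable: #{update_user_vulnerable(victim, ATTACK_PARAMS).to_h}"

  victim = User.new(username: "mallory", email: "old@example.test")
  user, rejected = update_user_safe(victim, ATTACK_PARAMS)
  puts "hardened:   #{user.to_h} (rejected keys: #{rejected})"
end
```

Note that `respond_to?` is not a defence here: the setter for `role` legitimately exists for administrative code paths, so the check must be about which attributes this caller may set, not about which setters the object has.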
SUSE CVE, added 2025/03/13 12:48 p.m.

SUSE CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out-of-bounds read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

CVSS 7.5 | AI score 6.8 | EPSS 0.00665
Exploits 0 | References 3
The Hacker News, added 2025/03/13 12:26 p.m.

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup language and open standard used for exchanging authentication and...

CVSS 8.8 | AI score 9.7 | EPSS 0.63792
Exploits 5
RedhatCVE, added 2025/03/13 8:33 a.m.

CVE-2025-27407

A flaw was found in graphql-ruby. In affected versions of graphql-ruby, loading a malicious schema definition via GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema from JSON obtained from an untrusted source is vulnerable,...

CVSS 8.5 | AI score 7.2 | EPSS 0.02865
Exploits 2 | References 12
UbuntuCve, added 2025/03/13 12:00 a.m.

CVE-2020-36843

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures...

CVSS 4.3 | AI score 6.8 | EPSS 0.00133
Exploits 0 | References 3
OSV, added 2025/03/12 9:15 p.m.

DEBIAN-CVE-2025-25292

ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. REXML and Nokogiri parse XML differently; the parsers can generate entirely...

CVSS 9.8 | AI score 7.8 | EPSS 0.63792
Exploits 1 | References 1
OSV, added 2025/03/12 9:15 p.m.

DEBIAN-CVE-2025-25291

ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. REXML and Nokogiri parse XML differently; the parsers can generate entirely...

CVSS 9.8 | AI score 7.8 | EPSS 0.19506
Exploits 1 | References 1
NVD, added 2025/03/12 9:15 p.m.

CVE-2025-25292

ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. REXML and Nokogiri parse XML differently; the parsers can generate entirely...

CVSS 9.8 | EPSS 0.63792
Exploits 1 | References 13
NVD, added 2025/03/12 9:15 p.m.

CVE-2025-25291

ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. REXML and Nokogiri parse XML differently; the parsers can generate entirely...

CVSS 9.8 | EPSS 0.19506
Exploits 1 | References 13
NVD, added 2025/03/12 9:15 p.m.

CVE-2025-25293

ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...

CVSS 8.7 | EPSS 0.01359
Exploits 1 | References 11
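The ruby-saml DoS entries on this page (Veracode, RedhatCVE and NVD for CVE-2025-25293) all make the same point: a size limit enforced on the compressed message is no limit at all, because DEFLATE can expand a few kilobytes into megabytes. The block below is an added illustration written for this page, not ruby-saml's own code, and it does not reproduce that library's fix. The limits, the method names and the sample messages are hypothetical. It builds a raw-DEFLATE-plus-base64 payload as the SAML HTTP-Redirect binding does, shows a decoder whose only check is on the encoded size accepting a decompression bomb, and beside it a decoder that inflates incrementally and aborts once the decompressed output crosses a limit.

```ruby
require "zlib"

# Assumed policy limits (hypothetical values chosen for this example).
MAX_ENCODED_BYTES  = 250_000   # bytes of the base64 payload as received
MAX_INFLATED_BYTES = 250_000   # bytes we are willing to hold after decompression

class SamlMessageTooLarge < StandardError; end

# Raw DEFLATE (no zlib header), which is what the SAML HTTP-Redirect binding
# carries, followed by base64. Used here only to build test inputs.
def encode_saml(xml)
  d = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS)
  compressed = d.deflate(xml, Zlib::FINISH)
  d.close
  [compressed].pack("m0")          # strict base64, no line breaks
end

# Vulnerable pattern: the only size check looks at the compressed payload.
# A highly compressible message passes the check and then expands in memory.
def decode_saml_vulnerable(encoded)
  raise SamlMessageTooLarge, "encoded payload too large" if encoded.bytesize > MAX_ENCODED_BYTES
  Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(encoded.unpack1("m0"))
end

# Hardened pattern: keep the cheap pre-check, but also inflate in small steps
# and stop as soon as the decompressed output crosses the limit. The check runs
# after every 1 KiB of compressed input, so the worst-case overshoot is bounded
# by DEFLATE's roughly 1032:1 ratio (about 1 MiB), not by what the sender chose.
def decode_saml_bounded(encoded, limit: MAX_INFLATED_BYTES)
  raise SamlMessageTooLarge, "encoded payload too large" if encoded.bytesize > MAX_ENCODED_BYTES
  compressed = encoded.unpack1("m0")
  z   = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = +""
  compressed.bytes.each_slice(1024) do |slice|
    out << z.inflate(slice.pack("C*"))
    raise SamlMessageTooLarge, "inflated message exceeds #{limit} bytes" if out.bytesize > limit
  end
  out << z.finish
  raise SamlMessageTooLarge, "inflated message exceeds #{limit} bytes" if out.bytesize > limit
  out
end

# Constructed inputs: a plausibly sized message and a decompression bomb
# (4 MB of filler) whose compressed form is only a few kilobytes.
SMALL_MESSAGE = %(<samlp:Response ID="_1"><saml:Assertion/></samlp:Response>)
BOMB_MESSAGE  = "<samlp:Response>" + ("A" * 4_000_000) + "</samlp:Response>"

if __FILE__ == $0
  bomb = encode_saml(BOMB_MESSAGE)
  puts "bomb on the wire: #{bomb.bytesize} bytes"
  puts "vulnerable decoder inflated it to #{decode_saml_vulnerable(bomb).bytesize} bytes"
  begin
    decode_saml_bounded(bomb)
  rescue SamlMessageTooLarge => e
    puts "bounded decoder rejected it: #{e.message}"
  end
end
```

The limit to enforce is on the decompressed size, because that is the resource the attacker is trying to exhaust; the encoded-size check is still worth keeping as a cheap first filter, but on its own it only limits how much the attacker has to upload.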