5 matches found
CVE-2025-25292
Ruby-saml contains an authentication bypass vulnerability caused by a parser differential between ReXML and Nokogiri. The issue affects versions older than 1.12.4 and 1.18.0, enabling a Signature Wrapping attack that can lead to bypassing SAML authentication. A patch exists in versions 1.12.4 and...
CVE-2025-25291
ruby-saml vulnerabilities CVE-2025-25291/25292/25293 relate to a parser differential between ReXML and Nokogiri that enables a Signature Wrapping authentication bypass and related DoS when handling SAML inputs. Affected versions prior to 1.12.4 and 1.18.0 are vulnerable; fixes are shipped in 1.12...
CVE-2024-45409
CVE-2024-45409 affects the Ruby-SAML library used for SAML client functionality. Ubuntu/Debian advisories and IBM/GitHub entries confirm that versions <= 12.2 and 1.13.0
CVE-2017-11430
The CVE-2017-11430 entry concerns OmniAuth OmnitAuth-SAML 1.9.0 and earlier. The root cause is incorrect handling of XML DOM traversal and canonicalization APIs, enabling an attacker to manipulate SAML data without invalidating the cryptographic signature and potentially bypass authentication to ...
CVE-2025-25293
CVE-2025-25293 concerns the ruby-saml library used for SAML SSO in Ruby. The issue affects prior to versions 1.12.4 and 1.18.0, where remote attackers could trigger a Denial of Service by sending compressed SAML responses. The vulnerability stems from how ruby-saml decompresses SAML assertions wi...