Lucene search

Onelogin Ruby-saml

7 matches found

CVE
added 2025/03/12 9:15 p.m. | 1597 views

CVE-2025-25291

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely dif...

CVSS 9.8 | AI score 7 | EPSS 0.02296

CVE
added 2025/03/12 9:15 p.m. | 1572 views

CVE-2025-25292

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely dif...

CVSS 9.8 | AI score 7 | EPSS 0.00705

CVE
added 2024/09/10 7:15 p.m. | 262 views

CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0

CVSS 10 | AI score 9.3 | EPSS 0.16139

CVE
added 2019/04/17 2:29 p.m. | 76 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication t...

CVSS 9.8 | AI score 8.7 | EPSS 0.00436

CVE
added 2025/03/12 9:15 p.m. | 73 views

CVE-2025-25293

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It...

CVSS 8.7 | AI score 6.6 | EPSS 0.00271

CVE
added 2017/01/23 9:59 p.m. | 62 views

CVE-2016-5697

Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.

CVSS 7.5 | AI score 7.3 | EPSS 0.00131

CVE
added 2023/05/27 7:15 p.m. | 47 views

CVE-2015-20108

xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.

CVSS 9.8 | AI score 9.8 | EPSS 0.00321