Ruby-saml@* Security Vulnerabilities and Issues — Ruby-saml@* CVE List

Lucene search

OneloginRuby-saml*

4 matches found

CVE•added 2024/09/10 7:15 p.m.•260 views

CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0

10CVSS9.3AI score0.12641EPSS

CVE•added 2019/04/17 2:29 p.m.•76 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication t...

9.8CVSS8.7AI score0.00436EPSS

CVE•added 2017/01/23 9:59 p.m.•62 views

CVE-2016-5697

Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.

7.5CVSS7.3AI score0.00131EPSS

CVE•added 2023/05/27 7:15 p.m.•47 views

CVE-2015-20108

xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.

9.8CVSS9.8AI score0.00321EPSS