Onelogin

Ruby-saml

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2025-66568

  • EPSS 0.04%
  • Veröffentlicht 09.12.2025 02:03:20
  • Zuletzt bearbeitet 10.12.2025 21:25:45

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which a...

9.1

CVE-2025-66567

  • EPSS 0.04%
  • Veröffentlicht 09.12.2025 01:55:06
  • Zuletzt bearbeitet 10.12.2025 21:27:33

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML ...

9.8

CVE-2025-25292

Exploit
  • EPSS 3.09%
  • Veröffentlicht 12.03.2025 20:53:24
  • Zuletzt bearbeitet 03.11.2025 20:17:58

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML d...

9.8

CVE-2025-25291

Exploit
  • EPSS 13.85%
  • Veröffentlicht 12.03.2025 20:16:12
  • Zuletzt bearbeitet 03.11.2025 20:17:58

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML d...

7.5

CVE-2025-25293

Exploit
  • EPSS 2.7%
  • Veröffentlicht 12.03.2025 20:11:08
  • Zuletzt bearbeitet 03.11.2025 20:17:59

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompr...

9.8

CVE-2024-45409

  • EPSS 42.42%
  • Veröffentlicht 10.09.2024 19:15:22
  • Zuletzt bearbeitet 21.11.2024 09:37:44

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml docum...

9.8

CVE-2015-20108

  • EPSS 0.33%
  • Veröffentlicht 27.05.2023 19:15:09
  • Zuletzt bearbeitet 14.01.2025 19:15:26

xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.

9.8

CVE-2017-11428

Exploit
  • EPSS 0.44%
  • Veröffentlicht 17.04.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:07:46

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing ...

7.5

CVE-2016-5697

  • EPSS 0.13%
  • Veröffentlicht 23.01.2017 21:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.