ReportizFlow
Filtered by vendor Saml-toolkits
Subscriptions
Filtered by product Ruby-saml
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66567 | 2 Onelogin, Saml-toolkits | 2 Ruby-saml, Ruby-saml | 2025-12-11 | 9.1 Critical |
| The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different document structures from the same input. This allows an attacker to execute a Signature Wrapping attack. This issue is fixed in version 1.18.0. | ||||
| CVE-2025-66568 | 2 Onelogin, Saml-toolkits | 2 Ruby-saml, Ruby-saml | 2025-12-11 | 9.1 Critical |
| The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrapping attack. When libxml2’s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. ruby-saml then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization succeeded. This issue is fixed in version 1.18.0. | ||||
| CVE-2025-54572 | 1 Saml-toolkits | 1 Ruby-saml | 2025-11-03 | N/A |
| The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. This is fixed in version 1.18.1. | ||||
Page 1 of 1.