OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: duo
Published: 2019-04-17T13:59:53
Updated: 2024-08-05T18:12:39.617Z
Reserved: 2017-07-18T00:00:00
Link: CVE-2017-11428
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-17T14:29:00.323
Modified: 2024-11-21T03:07:46.330
Link: CVE-2017-11428
Redhat
No data.