Commit 233c6ae 1 parent 71f6716 commit 233c6ae Copy full SHA for 233c6ae
File tree 3 files changed +97
-0
lines changed
3 files changed +97
-0
lines changed Original file line number Diff line number Diff line change
1
+ ---
2
+ gem : ruby-saml
3
+ cve : 2025-25291
4
+ ghsa : 4vc4-m8qh-g8jm
5
+ url : https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm
6
+ title : Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
7
+ date : 2025-03-12
8
+ description : |-
9
+ ### Summary
10
+ An authentication bypass vulnerability was found in ruby-saml due to a parser differential.
11
+ ReXML and Nokogiri parse XML differently, the parsers can generate entirely
12
+ different document structures from the same XML input. That allows an attacker
13
+ to be able to execute a Signature Wrapping attack.
14
+
15
+ ### Impact
16
+ This issue may lead to authentication bypass.
17
+ cvss_v4 : 8.8
18
+ patched_versions :
19
+ - " ~> 1.12.4"
20
+ - " >= 1.18.0"
21
+ related :
22
+ url :
23
+ - https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm
24
+ - https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
25
+ - https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
26
+ - https://nvd.nist.gov/vuln/detail/CVE-2025-25291
27
+ - https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
28
+ - https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
29
+ - https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
30
+ - https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
31
+ - https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
32
+ - https://github.com/advisories/GHSA-4vc4-m8qh-g8jm
Original file line number Diff line number Diff line change
1
+ ---
2
+ gem : ruby-saml
3
+ cve : 2025-25292
4
+ ghsa : 754f-8gm6-c4r2
5
+ url : https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2
6
+ title : Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
7
+ date : 2025-03-12
8
+ description : |-
9
+ ### Summary
10
+ An authentication bypass vulnerability was found in ruby-saml due to a parser differential.
11
+ ReXML and Nokogiri parse XML differently, the parsers can generate entirely
12
+ different document structures from the same XML input. That allows an
13
+ attacker to be able to execute a Signature Wrapping attack.
14
+
15
+ ### Impact
16
+ This issue may lead to authentication bypass.
17
+ cvss_v4 : 8.8
18
+ patched_versions :
19
+ - " ~> 1.12.4"
20
+ - " >= 1.18.0"
21
+ related :
22
+ url :
23
+ - https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2
24
+ - https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
25
+ - https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
26
+ - https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
27
+ - https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
28
+ - https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
29
+ - https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
30
+ - https://nvd.nist.gov/vuln/detail/CVE-2025-25292
31
+ - https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
32
+ - https://github.com/advisories/GHSA-754f-8gm6-c4r2
Original file line number Diff line number Diff line change
1
+ ---
2
+ gem : ruby-saml
3
+ cve : 2025-25293
4
+ ghsa : 92rq-c8cf-prrq
5
+ url : https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
6
+ title : Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
7
+ date : 2025-03-12
8
+ description : |-
9
+ ### Summary
10
+ ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses.
11
+
12
+ Ruby-saml uses zlib to decompress SAML responses in case they're compressed.
13
+ It is possible to bypass the message size check with a compressed assertion
14
+ since the message size is checked before inflation and not after.
15
+
16
+ ### Impact
17
+ This issue may lead to remote Denial of Service (DoS).
18
+ cvss_v4 : 8.8
19
+ patched_versions :
20
+ - " ~> 1.12.4"
21
+ - " >= 1.18.0"
22
+ related :
23
+ url :
24
+ - https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
25
+ - https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a
26
+ - https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
27
+ - https://nvd.nist.gov/vuln/detail/CVE-2025-25293
28
+ - https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1
29
+ - https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
30
+ - https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
31
+ - https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
32
+ - https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
33
+ - https://github.com/advisories/GHSA-92rq-c8cf-prrq
You can’t perform that action at this time.
0 commit comments