onelogin ruby-saml vulnerabilities and exploits

(subscribe to this query)

xml_security.rb in the ruby-saml gem prior to 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.

Onelogin Ruby-saml

OneLogin Ruby-SAML 1.6.0 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potent...

Onelogin Ruby-saml

Ruby-saml prior to 1.3.0 allows malicious users to perform XML signature wrapping attacks via unspecified vectors.

Onelogin Ruby-saml

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thu...

Onelogin Ruby-saml Omniauth Omniauth Saml Omniauth Omniauth Saml 2.0.0 Omniauth Omniauth Saml 2.1.0 Gitlab Gitlab

2 Github repositories1 Article

OneLogin PythonSAML 2.3.0 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to poten...

Onelogin Pythonsaml

5 Github repositories

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook