Authentication Bypass Vulnerability in ruby-saml SAML SSO Library via XML Parsing
ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0, caused by a parser differential: REXML and Nokogiri parse XML differently and can produce entirely different document structures from the same input. Because ruby-saml used both parsers during signature validation, a malicious user can mount a Signature Wrapping attack, supplying a document in which the element one parser verifies is not the element the other parser hands back as the assertion. This can lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.
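The pattern behind a Signature Wrapping bypass, as an added Ruby example (constructed for this page; it is not ruby-saml code and does not reproduce the actual REXML/Nokogiri differential): the service provider verifies the signature on the element the Reference URI points at, but then reads the user's identity through a second, independent lookup that can land on a different, unsigned element. One REXML tree queried in two ways stands in for the two parsers; a toy HMAC over REXML's serialisation stands in for XML-DSig with canonicalisation; element names are simplified and unnamespaced; DEMO_KEY and every function name are assumptions of the example.

```ruby
require 'rexml/document'
require 'openssl'

# Constructed demo, not ruby-saml code. A toy HMAC over REXML's serialisation of
# the signed element stands in for XML-DSig; the shape of the check is the point.
DEMO_KEY = 'shared-secret-known-only-to-idp-and-sp'.freeze

def canon(element)
  element.to_s # REXML serialisation stands in for XML canonicalisation (C14N)
end

def digest(text)
  OpenSSL::HMAC.hexdigest('SHA256', DEMO_KEY, text)
end

# Constant-time comparison so a wrong SignatureValue does not leak by timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# IdP side: sign one Assertion for +name+ and wrap it in a Response whose
# Signature points at the assertion through its ID attribute.
def build_signed_response(name)
  assertion = "<Assertion ID=\"a1\"><Subject><NameID>#{name}</NameID></Subject></Assertion>"
  sig = digest(canon(REXML::Document.new(assertion).root))
  "<Response><Signature><Reference URI=\"#a1\"/>" \
    "<SignatureValue>#{sig}</SignatureValue></Signature>#{assertion}</Response>"
end

# Attacker side: leave the signed Assertion byte-for-byte intact (its digest must
# still verify) and wrap the document around a second, unsigned Assertion.
def wrap_attack(response_xml, impersonate)
  forged = "<Assertion ID=\"evil\"><Subject><NameID>#{impersonate}</NameID></Subject></Assertion>"
  response_xml.sub('<Response>', "<Response>#{forged}")
end

# SP side, shared by both verifiers: find the element the Reference points at and
# check its digest. Returns that element, or nil on any failure. The ID is matched
# in Ruby rather than interpolated into XPath so attacker data never reaches a query.
def verified_element(doc)
  uri = REXML::XPath.first(doc, '//Signature/Reference/@URI')&.value
  sig = REXML::XPath.first(doc, '//Signature/SignatureValue/text()')&.value
  return nil unless uri&.start_with?('#') && sig
  target = REXML::XPath.match(doc, '//*[@ID]').find { |e| e.attributes['ID'] == uri[1..] }
  target && secure_equal?(digest(canon(target)), sig) ? target : nil
end

# VULNERABLE pattern: the signature is checked on the referenced element, but the
# identity is then read through a different lookup (first Assertion in document
# order). On the wrapped document the two lookups disagree, just as two XML
# parsers can disagree, and the unsigned Assertion wins.
def name_id_vulnerable(response_xml)
  doc = REXML::Document.new(response_xml)
  return nil unless verified_element(doc)
  REXML::XPath.first(doc, '//Assertion/Subject/NameID/text()')&.value
end

# FIXED pattern: the identity comes from the very node whose digest verified, and
# that node must itself be an Assertion; nothing else in the document is trusted.
def name_id_fixed(response_xml)
  doc = REXML::Document.new(response_xml)
  el = verified_element(doc)
  return nil unless el && el.name == 'Assertion'
  REXML::XPath.first(el, 'Subject/NameID/text()')&.value
end

if __FILE__ == $PROGRAM_NAME
  legit = build_signed_response('alice')
  attacked = wrap_attack(legit, 'admin')
  puts "legit    vulnerable=#{name_id_vulnerable(legit)} fixed=#{name_id_fixed(legit)}"
  puts "wrapped  vulnerable=#{name_id_vulnerable(attacked)} fixed=#{name_id_fixed(attacked)}"
end
```

On the untouched response both verifiers return alice; on the wrapped response the vulnerable verifier accepts admin while the fixed one still returns alice, because it never consults any node other than the one whose digest it checked. The same rule is what closes the real parser-differential case: whichever parser finds and verifies the signed element must also be the source of everything the application consumes from it.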
Vulnerable Product |
---|
saml-toolkits ruby-saml |
GitLab patches critical authentication bypass vulnerabilities
By Bill Toulas, March 13, 2025, 12:13 PM
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, including two critical-severity authentication bypass flaws in the ruby-saml library. All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2; all earlier versions are vulnerable. GitLab.com is already patched, and GitLab Dedicated customers will...