OneLogin Ruby-SAML 0.6.0

CPE Details

OneLogin Ruby-SAML 0.6.0
onelogin
ruby-saml
0.6.0
2019-06-19
23h24 +00:00
2019-06-19
23h24 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:onelogin:ruby-saml:0.6.0:*:*:*:*:*:*:*

Informations

Vendor

onelogin

Product

ruby-saml

Version

0.6.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-45409 2024-09-10 18h50 +00:00 The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
10
Critical
CVE-2015-20108 2023-05-26 22h00 +00:00 xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
9.8
Critical
CVE-2017-11428 2019-04-17 11h59 +00:00 OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
9.8
Critical
CVE-2016-5697 2017-01-23 20h00 +00:00 Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.
7.5
High