OneLogin Ruby-SAML 0.6.0

CPE Details

OneLogin Ruby-SAML 0.6.0
onelogin
ruby-saml
0.6.0
2019-06-19
23h24 +00:00
2019-06-19
23h24 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:onelogin:ruby-saml:0.6.0:*:*:*:*:*:*:*

Informations

Vendor

onelogin

Product

ruby-saml

Version

0.6.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-45409 2024-09-10 18h50 +00:00 The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
10
Critique
CVE-2015-20108 2023-05-26 22h00 +00:00 xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
9.8
Critique
CVE-2017-11428 2019-04-17 11h59 +00:00 OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
9.8
Critique
CVE-2016-5697 2017-01-23 20h00 +00:00 Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.
7.5
Haute