RSS   Vulnerabilities for 'Ruby-saml'   RSS

2019-04-17
 
CVE-2017-11428

CWE-287
 

 
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

 
2017-01-23
 
CVE-2016-5697

 

 
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.

 

 >>> Vendor: Onelogin 3 Products
Ruby-saml
Pythonsaml
Onelogin saml sso


Copyright 2024, cxsecurity.com

 

Back to Top