SAML-Toolkits/ruby-saml

SAML-Toolkits/ruby-saml

developers.onelogin.com

Releases76

Frequency2 months 1 week

Last Release 10 months ago

Stars980

SAML SSO for Ruby

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-66567 ↗	Dec 9, 2025Tuesday, 9 December 2025, 16:18	9.1 CRITICAL	—
The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different document structures from the same input. This allows an attacker to execute a Signature Wrapping attack. This issue is fixed in version 1.18.0.
CVE-2025-66568 ↗	Dec 9, 2025Tuesday, 9 December 2025, 16:18	9.1 CRITICAL	—
The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrapping attack. When libxml2’s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. ruby-saml then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization succeeded. This issue is fixed in version 1.18.0.
CVE-2025-54572 ↗	Jul 30, 2025Wednesday, 30 July 2025, 14:15	—	—
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. This is fixed in version 1.18.1.
CVE-2024-45409 ↗	Sep 10, 2024Tuesday, 10 September 2024, 19:15	10 CRITICAL	—
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
CVE-2015-20108 ↗	May 27, 2023Saturday, 27 May 2023, 19:15	9.8 CRITICAL	—
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.