Sha256: 09059a14451c879618c5b9d6f1ebbb0390747125d02c491f13792e05175d6d2b

Contents?: true

Size: 655 Bytes

Versions: 3

Compression:

Stored size: 655 Bytes

Contents

---
gem: ruby-saml
cve: 2016-5697
url: https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995
title: XML signature wrapping attack
date: 2016-06-24
description: |
  ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack
  in the specific scenario where a signature referenced 2 elements at the same time
  (but passed the schema validation process, since 1 of the elements was inside
  the encrypted assertion).

  ruby-saml users must update to 1.3.0, which implements 3 extra validations to
  mitigate this kind of attack.

cvss_v2: 5.0
cvss_v3: 7.5

patched_versions:
  - ">= 1.3.0"

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/ruby-saml/CVE-2016-5697.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/ruby-saml/CVE-2016-5697.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/ruby-saml/CVE-2016-5697.yml