Sha256: 0b0cd6444b278cc36775a41775a99ed881e6557b3290f54fccac150f012ceb1e

Size: 660 Bytes

Versions: 1

Stored size: 660 Bytes

Contents

---
gem: omniauth-saml
cve: 2017-11430
url: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
date: 2018-02-27
title: omniauth-saml authentication bypass via incorrect XML canonicalization and DOM traversal 
description: |
  OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the
  results of XML DOM traversal and canonicalization APIs in such a way that an attacker
  may be able to manipulate the SAML data without invalidating the cryptographic signature,
  allowing the attacker to potentially bypass authentication to SAML service providers.

cvss_v3: 9.8
cvss_v2: 7.5

patched_versions:
  - ">= 1.10.0"

Version data entries

1 entry across 1 version & 1 rubygem

Version: bundler-audit-0.7.0.1
Path: data/ruby-advisory-db/gems/omniauth-saml/CVE-2017-11430.yml