Sha256: d809b616f0da908b34efaf3440db7dbaeb092bf3c171d4f45f5814ce4eac5c05
Contents?: true
Size: 640 Bytes
Versions: 2
Compression:
Stored size: 640 Bytes
Contents
--- gem: ruby-saml cve: 2016-5697 url: https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995 title: XML signature wrapping attack date: 2016-06-24 description: | ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements (but past the scheme validator process since 1 of the element was inside the encrypted assertion). ruby-saml users must update to 1.3.0, which implements 3 extra validations to mitigate this kind of attack. cvss_v3: 6.1 patched_versions: - ">= 1.3.0"
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.6.1 | data/ruby-advisory-db/gems/ruby-saml/CVE-2016-5697.yml |
| bundler-audit-0.6.0 | data/ruby-advisory-db/gems/ruby-saml/CVE-2016-5697.yml |