VYPR
Critical severity · NVD Advisory · Published Sep 10, 2024 · Updated Nov 11, 2024

The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

CVE-2024-45409

Description

The Ruby SAML library implements the client side of SAML authorization. Ruby-SAML <= 1.12.2 and 1.13.0 through 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML Response/Assertion with arbitrary contents, allowing them to log in as an arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Ruby-SAML library fails to verify SAML Response signatures, allowing attackers to forge arbitrary assertions and bypass authentication.

Vulnerability

Overview

The Ruby SAML library (versions ≤1.12.2 and 1.13.0 to 1.16.0) contains a signature verification bypass vulnerability in its SAML Response handling. The library does not properly verify the digital signature of SAML Response messages, allowing an attacker to forge a valid-looking assertion with arbitrary content. [1][2]

Exploitation

Prerequisites

An unauthenticated attacker only needs access to any signed SAML document issued by a trusted Identity Provider (IdP). Because the library does not perform proper signature verification, the attacker can craft a malicious SAML Response or Assertion that the library accepts. [2] No prior authentication is required; the attack can be launched remotely over the network.

Impact

Successful exploitation allows the attacker to impersonate any user within the vulnerable system by forging arbitrary SAML assertions. This effectively bypasses authentication, granting unauthorized access to resources and privileges of any target user. [2]

Mitigation

The vulnerability is fixed in versions 1.17.0 and 1.12.3. Users should upgrade immediately. No known workarounds exist. [1][2]

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                 Affected versions       Patched versions
ruby-saml (RubyGems)    < 1.12.3                1.12.3
ruby-saml (RubyGems)    >= 1.13.0, < 1.17.0     1.17.0
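A defender-side check built from the ranges in the table above and the fix versions named under Mitigation, added here as an example that is not part of the advisory or of the ruby-saml project; it assumes a Bundler Gemfile.lock as input and runs on a constructed lockfile excerpt:

```ruby
# Added example (not from the advisory or ruby-saml): audit a Gemfile.lock
# for ruby-saml pins that fall inside the advisory's affected ranges.
require "rubygems"

# Affected ranges exactly as the package table above states them.
AFFECTED_RANGES = [
  { affected: Gem::Requirement.new("< 1.12.3"),              patched: "1.12.3" },
  { affected: Gem::Requirement.new(">= 1.13.0", "< 1.17.0"), patched: "1.17.0" },
].freeze

# Pinned versions of +gem_name+ in the specs section: "    ruby-saml (1.16.0)".
# Dependency lines like "      ruby-saml (~> 1.12)" are indented deeper and
# hold a requirement, not a version, so the regex skips them.
def pinned_versions(lockfile_text, gem_name)
  lockfile_text.scan(/^    #{Regexp.escape(gem_name)} \(([0-9][^)]*)\)$/).flatten
end

# Evaluate one version string against the ranges; :patched is the upgrade
# target for the matched range, or nil when the version is not affected.
def assess_ruby_saml(version_str)
  version = Gem::Version.new(version_str)
  hit = AFFECTED_RANGES.find { |r| r[:affected].satisfied_by?(version) }
  { version: version_str, vulnerable: !hit.nil?, patched: hit && hit[:patched] }
end

# One assessment per ruby-saml pin found in the lockfile text.
def audit_lockfile(lockfile_text)
  pinned_versions(lockfile_text, "ruby-saml").map { |v| assess_ruby_saml(v) }
end

# Constructed lockfile excerpt for demonstration (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth-saml (2.1.1)
        omniauth (~> 2.1)
        ruby-saml (~> 1.12)
      ruby-saml (1.16.0)
        nokogiri (>= 1.13.10)
        rexml
LOCK

if __FILE__ == $PROGRAM_NAME
  audit_lockfile(SAMPLE_LOCK).each do |r|
    status = r[:vulnerable] ? "VULNERABLE, upgrade to #{r[:patched]}" : "ok"
    puts "ruby-saml #{r[:version]}: #{status}"
  end
end
```

Point `audit_lockfile` at `File.read("Gemfile.lock")` to run it against a real project; a pin of 1.12.3 or 1.17.0 and later reports as ok.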


Patches

1 patch: commit 4274e9d57e65

feat: new release 2.2.0

https://github.com/omniauth/omniauth-saml · Roger Meier · Sep 10, 2024 · via ghsa
2 files changed · +13 −1
  • CHANGELOG.md (+12 −0, modified)
    @@ -1,3 +1,15 @@
    +<a name="v2.2.0"></a>
    +### v2.2.0 (2024-09-10)
    +
    +This release fixes:
    +
    +* [GHSA-jw9c-mfg7-9rx2](https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2)
    +* [GHSA-cvp8-5r8g-fhvq](https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq)
    +
    +#### Chores
    +
    +* use semantic versioning for ruby-saml as per gem build hints ([e17f460](/../../commit/e17f460))
    +
     <a name="v2.1.1"></a>
     ### v2.1.1 (2024-09-10)
     
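Review bot: the new v2.2.0 entry links the two advisories but never states the minimum ruby-saml version this release requires, which is the one fact an operator needs to confirm the fix; the only hint is the chore bullet "use semantic versioning for ruby-saml as per gem build hints ([e17f460](/../../commit/e17f460))", and that commit is not part of this patch. Suggest adding a line such as "Requires ruby-saml >= 1.17.0 (or >= 1.12.3 on the 1.12 series)" under "This release fixes:" so the CHANGELOG is self-explanatory.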
    
  • lib/omniauth-saml/version.rb (+1 −1, modified)
    @@ -1,5 +1,5 @@
     module OmniAuth
       module SAML
    -    VERSION = '2.1.1'
    +    VERSION = '2.2.0'
       end
     end
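Review bot: the VERSION change from '2.1.1' to '2.2.0' is the only code change in this patch, so nothing here alters how SAML responses are validated; the remediation arrives through the ruby-saml dependency. Downstream reviewers should check that the resolved ruby-saml in Gemfile.lock is 1.12.3 or >= 1.17.0 rather than treating the omniauth-saml bump alone as proof of the fix.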
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
