VYPR

RubyGems package

omniauth-saml

pkg:gem/omniauth-saml

Vulnerabilities (1)

  • CVE-2017-11430HigApr 17, 2019
    affected < 1.10.0fixed 1.10.0

    OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially