VYPR

Ruby SAML

by Onelogin

CVEs (2)

  • CVE-2016-5697 | High | Jan 23, 2017
    risk 0.42 | cvss 7.5 | epss 0.01

    Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.

  • CVE-2017-11428 | Apr 17, 2019
    risk 0.00 | cvss | epss 0.03

    OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially…