OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| ruby-saml(RubyGems) | 0 | 1.7.0 | N/A |
CVSS Metrics
