File tree Expand file tree Collapse file tree 1 file changed +33
-0
lines changed Expand file tree Collapse file tree 1 file changed +33
-0
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ layout : advisory
3+ title : ' GHSA-cvp8-5r8g-fhvq (omniauth-saml): omniauth-saml vulnerable to Improper
4+ Verification of Cryptographic Signature'
5+ comments : false
6+ categories :
7+ - omniauth-saml
8+ advisory :
9+ gem : omniauth-saml
10+ ghsa : cvp8-5r8g-fhvq
11+ url : https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
12+ title : omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
13+ date : 2024-09-11
14+ description : |
15+ ruby-saml, the dependent SAML gem of omniauth-saml has a signature
16+ wrapping vulnerability in <= v1.12.0 and v1.13.0 to v1.16.0 , see
17+ https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
18+
19+ As a result, omniauth-saml created a
20+ [new release](https://github.com/omniauth/omniauth-saml/releases)
21+ by upgrading ruby-saml to the patched versions v1.17.
22+ cvss_v3 : 10.0
23+ patched_versions :
24+ - " >= 2.1.1"
25+ related :
26+ ghsa :
27+ - https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq
28+ - https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
29+ - https://github.com/advisories/GHSA-cvp8-5r8g-fhvq
30+ url :
31+ - https://github.com/omniauth/omniauth-saml/commit/4274e9d57e65f2dcaae4aa3b2accf831494f2ddd
32+ - https://github.com/omniauth/omniauth-saml/commit/6c681fd082ab3daf271821897a40ab3417382e29
33+ ---
You can’t perform that action at this time.
0 commit comments