File tree Expand file tree Collapse file tree 1 file changed +32
-0
lines changed Expand file tree Collapse file tree 1 file changed +32
-0
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ layout : advisory
3+ title : ! ' CVE-2016-5697: XML signature wrapping attack'
4+ comments : false
5+ categories :
6+ - ruby-saml
7+ advisory :
8+ gem : ruby-saml
9+ cve : 2016-5697
10+ url : https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995
11+ title : XML signature wrapping attack
12+ date : 2016-06-24
13+ description : ! ' ruby-saml prior to version 1.3.0 is vulnerable to an XML signature
14+ wrapping attack
15+
16+ in the specific scenario where there was a signature that referenced at the same
17+ time
18+
19+ 2 elements (but past the scheme validator process since 1 of the element was inside
20+
21+ the encrypted assertion).
22+
23+
24+ ruby-saml users must update to 1.3.0, which implements 3 extra validations to
25+
26+ mitigate this kind of attack.
27+
28+ '
29+ cvss_v3 : 6.1
30+ patched_versions :
31+ - ! '>= 1.3.0'
32+ ---
You can’t perform that action at this time.
0 commit comments