Omniauth Saml
By the Year
In 2025 there have been 0 vulnerabilities in Omniauth Saml. Last year, in 2024, Omniauth Saml had 1 security vulnerability published. Right now, Omniauth Saml is on track to have fewer security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 1 | 9.80 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 1 | 9.80 |
2018 | 0 | 0.00 |
It may take a day or so for new Omniauth Saml vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Omniauth Saml Security Vulnerabilities
The Ruby SAML library is for implementing the client side of a SAML authorization
CVE-2024-45409
9.8 - Critical
- September 10, 2024
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as an arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
Improper Verification of Cryptographic Signature
OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way
CVE-2017-11430
9.8 - Critical
- April 17, 2019
OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Authentication