Description: OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to SAML service providers.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package        Release                  Version    Status
ruby-omniauth-saml    buster, bullseye         1.10.0-1   fixed
                      sid, trixie, bookworm    2.1.0-2    fixed

The information below is based on the following data on fixed versions.

Package               Type      Release       Fixed Version     Urgency   Origin   Debian Bugs
ruby-omniauth-saml    source    (unstable)    (not affected)


- ruby-omniauth-saml <not-affected> (The actual vulnerability is in ruby-saml, which is used by the Debian package; the change in 1.10.0 simply bumps the version requirement.)
