CNNVD-202507-3778 Information
CNNVD ID
CNNVD-202507-3778
Related CVE
- CNNVD Published: 2025-07-30
Description (Chinese, translated)
Ruby SAML is an open-source implementation of a SAML authorization client by SAML-Toolkits. Ruby SAML 1.18.0 and earlier contain a security vulnerability: the Base64 format of a SAML response is validated before the message size is checked, which can lead to resource exhaustion.
Description (English)
Ruby SAML is the SAML-Toolkits open-source implementation of a SAML authorization client. Ruby SAML 1.18.0 and earlier contain a security vulnerability: the library validates the Base64 format of an incoming SAML response before comparing the message size against its configured limit, so an attacker can submit an oversized message and force the server to spend CPU and memory scanning it before it is rejected, leading to resource exhaustion (denial of service). The fix, which performs the size check first, is in v1.18.1 (see References).
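The check ordering the description refers to is easiest to see side by side. The following is an added example written for this page, not ruby-saml's own code: it models a decoder that first validates the Base64 format of the message (an anchored regex scan over the entire input) and only then compares its size to a limit, beside the hardened ordering that does the cheap size comparison first. The names MAX_BYTESIZE, BASE64_FORMAT, base64_format_check, check_message_vulnerable and check_message_hardened, the limit value, and the sample messages are all assumptions made for illustration; MAX_BYTESIZE merely stands in for a configurable limit such as the advisory's message_max_bytesize.

```ruby
require "base64"

# Assumed size limit for an encoded SAML message (illustrative value only).
MAX_BYTESIZE = 250_000

# Strict base64 alphabet with correct padding, anchored at both ends so the
# regex engine has to scan every byte of the input before accepting it.
BASE64_FORMAT = %r{\A(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\z}

# Shared format check. Besides the verdict it returns the number of bytes
# handed to the regex, which is exactly the cost an attacker can inflate.
def base64_format_check(raw)
  stripped = raw.gsub(/\s/, "")
  [stripped.match?(BASE64_FORMAT), stripped, stripped.bytesize]
end

# Vulnerable ordering (the pattern described for 1.18.0 and earlier): the whole
# input is scanned for base64 validity before its size is compared against the
# limit, so an oversized message still costs a full scan before rejection.
def check_message_vulnerable(raw, max_bytesize: MAX_BYTESIZE)
  valid, stripped, scanned = base64_format_check(raw)
  return { status: :rejected, reason: "not base64", bytes_scanned: scanned } unless valid
  if raw.bytesize > max_bytesize
    return { status: :rejected, reason: "exceeds #{max_bytesize} bytes", bytes_scanned: scanned }
  end
  { status: :ok, decoded: Base64.strict_decode64(stripped), bytes_scanned: scanned }
end

# Hardened ordering (what the fix does conceptually): the O(1) size comparison
# runs first, so oversized input is rejected before any byte is scanned.
def check_message_hardened(raw, max_bytesize: MAX_BYTESIZE)
  if raw.bytesize > max_bytesize
    return { status: :rejected, reason: "exceeds #{max_bytesize} bytes", bytes_scanned: 0 }
  end
  valid, stripped, scanned = base64_format_check(raw)
  return { status: :rejected, reason: "not base64", bytes_scanned: scanned } unless valid
  { status: :ok, decoded: Base64.strict_decode64(stripped), bytes_scanned: scanned }
end

# Constructed inputs: a small well-formed message and an oversized one
# (600_000 raw bytes encode to 800_000 base64 bytes, above the limit).
SMALL_MESSAGE = Base64.strict_encode64("<samlp:Response ID=\"_abc\"/>")
OVERSIZED_MESSAGE = Base64.strict_encode64("A" * 600_000)

if $PROGRAM_NAME == __FILE__
  [[:vulnerable, method(:check_message_vulnerable)],
   [:hardened, method(:check_message_hardened)]].each do |name, fn|
    r = fn.call(OVERSIZED_MESSAGE)
    puts "#{name}: #{r[:status]} (#{r[:reason]}), bytes scanned before rejection: #{r[:bytes_scanned]}"
  end
end
```

Both orderings reject the oversized message, so a functional test would not tell them apart; the difference is only in how much work the server did before saying no. The practical rule this illustrates is to run every bounded, constant-time check (size, content-type, expected parameters) before any check whose cost grows with the input.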
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
SAML-Toolkits
Published
2025-07-30
Last Modified
2026-02-24
References
https://github.com/SAML-Toolkits/ruby-saml/commit/38ef5dd1ce17514e202431f569c4f5633e6c2709
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-rrqh-93c8-j966
https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.1
https://github.com/SAML-Toolkits/ruby-saml/pull/770
https://vigilance.fr/vulnerability/Ruby-SAML-denial-of-service-via-message-max-bytesize-48104
Patch
https://github.com/SAML-Toolkits/ruby-saml/releases