CNNVD-202512-1365 Information

CNNVD ID

CNNVD-202512-1365

CVE-2025-66568

  • CNNVD Published: 2025-12-09

Description

Ruby SAML is an open-source implementation of a SAML authorization client from SAML-Toolkits. Ruby SAML 1.12.4 and earlier versions contain a data forgery vulnerability that stems from a flaw in the libxml2 canonicalization process and may lead to authentication bypass.

Hazard Level

High

Vulnerability Type

Data forgery

Affected Vendor

SAML-Toolkits

Published

2025-12-09

Last Modified

2026-02-24

References

https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a

https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-x4h9-gwv3-r4m4

Patch

https://github.com/SAML-Toolkits/ruby-saml/releases
