Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
        
  Critical severity
        
          GitHub Reviewed
      
        Published
          Mar 12, 2025 
          in
          
            SAML-Toolkits/ruby-saml
          
          •
          Updated Sep 13, 2025 
      
  
Package
Affected versions
>= 1.13.0, < 1.18.0
      < 1.12.4
  Patched versions
1.18.0
      1.12.4
  Description
        Published to the GitHub Advisory Database
      Mar 12, 2025 
    
  
        Reviewed
      Mar 12, 2025 
    
  
        Published by the National Vulnerability Database
      Mar 12, 2025 
    
  
        Last updated
      Sep 13, 2025 
    
  
Summary
An authentication bypass vulnerability was found in ruby-saml due to a parser differential.
ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack.
Impact
This issue may lead to authentication bypass.
References