{"id":9298,"date":"2025-07-30T09:35:49","date_gmt":"2025-07-30T09:35:49","guid":{"rendered":"http:\/\/localhost\/?p=9298"},"modified":"2025-07-30T09:35:49","modified_gmt":"2025-07-30T09:35:49","slug":"ruby-saml-dos-vulnerability-with-large-saml-response","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9298","title":{"rendered":"Ruby SAML DOS vulnerability with large SAML response"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nRuby SAML DOS vulnerability with large SAML response<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-30T14:05:43.820Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-30T14:17:41.057Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nSAML-Toolkits<\/td>\n<\/tr>\n
Product<\/th>\nruby-saml<\/td>\n<\/tr>\n
Version<\/th>\n< 1.18.1<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n6.9 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:N\/VA:L\/SC:N\/SI:N\/SA:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA denial-of-service vulnerability exists in the Ruby SAML library (versions 1.18.0 and below) due to improper validation of SAML responses, potentially leading to resource exhaustion. This issue is resolved in version 1.18.1.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nSAML-Toolkits<\/td>\n<\/tr>\n
AI Product<\/th>\nRuby SAML<\/td>\n<\/tr>\n
AI Version<\/th>\n1.18.0 and below<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n