Security Advisories

CGA-m8xw-rq22-qqj4

Published

Last updated

https://images.chainguard.dev/security/CGA-m8xw-rq22-qqj4
Package

gitlab-rails-ee-17.10

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • GHSA-hw46-3hmr-x9xv

Severity

Unknown

Summary

omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue

Description

Summary

There are two new Critical signature wrapping vulnerabilities (CVE-2025-25292, CVE-2025-25291) and a Moderate-severity potential denial-of-service vulnerability (CVE-2025-25293) affecting ruby-saml, a dependency of omniauth-saml.

The fix is applied in ruby-saml and released on 12 March 2025 as version 1.18.0.

Please upgrade the ruby-saml requirement to v1.18.0. Because omniauth-saml pulls ruby-saml in transitively, check the resolved ruby-saml version in the application's Gemfile.lock rather than the omniauth-saml version alone.
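The following is an added example, not part of this advisory or of the ruby-saml or omniauth-saml projects: a small Ruby script that reads a Bundler Gemfile.lock, finds the resolved ruby-saml release, and flags anything below 1.18.0 (the fixed version the advisory names). The lockfile excerpt embedded in it is constructed for illustration; the helper names `resolved_specs` and `ruby_saml_status` are this example's own.

```ruby
# Added example (not from the advisory): scan a Gemfile.lock for the resolved
# ruby-saml version and flag releases below the fixed version named above.
# Assumptions: the lockfile uses Bundler's standard layout, and 1.18.0 is the
# first fixed ruby-saml release (as this advisory states).

require "rubygems"

FIXED_RUBY_SAML = Gem::Version.new("1.18.0")

# Constructed sample lockfile excerpt (not taken from any real application).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.18.3-x86_64-linux)
        racc (~> 1.4)
      omniauth (2.1.2)
        hashie (>= 3.4.6)
        rack (>= 2.2.3)
        rack-protection
      omniauth-saml (2.2.1)
        omniauth (~> 2.1)
        ruby-saml (~> 1.17)
      ruby-saml (1.17.0)
        nokogiri (>= 1.13.10)
        rexml
LOCK

# Return a Hash of gem name => Gem::Version for every resolved spec in the
# lockfile. Resolved specs are the lines indented by exactly four spaces under
# "specs:"; their dependency lines are indented further and are skipped, so a
# requirement such as "ruby-saml (~> 1.17)" is never mistaken for a version.
def resolved_specs(lockfile_text)
  specs = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    # A blank line or a new top-level section (e.g. "PLATFORMS") ends the block.
    in_specs = false if in_specs && (line.strip.empty? || line !~ /\A\s/)
    next unless in_specs
    m = line.match(/\A {4}(\S+) \(([^)]+)\)/)
    next unless m
    name, version = m[1], m[2]
    # Bundler appends the platform after a hyphen ("1.18.3-x86_64-linux"); drop it.
    specs[name] = Gem::Version.new(version.split("-", 2).first)
  end
  specs
end

# Report whether the lockfile resolves a ruby-saml release below the fix.
# Returns :not_present, :vulnerable or :fixed.
def ruby_saml_status(lockfile_text)
  version = resolved_specs(lockfile_text)["ruby-saml"]
  return :not_present if version.nil?
  version < FIXED_RUBY_SAML ? :vulnerable : :fixed
end

if $PROGRAM_NAME == __FILE__
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  specs = resolved_specs(text)
  puts "omniauth-saml: #{specs['omniauth-saml'] || 'not present'}"
  puts "ruby-saml:     #{specs['ruby-saml'] || 'not present'} -> #{ruby_saml_status(text)}"
end
```

Run it as `ruby check_ruby_saml.rb path/to/Gemfile.lock`; with no argument it evaluates the embedded sample, which reports `:vulnerable` because ruby-saml 1.17.0 is resolved. The check reads the resolved spec rather than the `~>` requirement under omniauth-saml, since the requirement only tells you what Bundler is allowed to pick, not what it picked.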

Impact

Signature wrapping vulnerabilities allow an attacker to craft a SAML response in which the element that is signature-checked differs from the element the application actually consumes, so a forged assertion passes validation and the attacker can authenticate as another user.

References

Updates


© 2025 Chainguard. All Rights Reserved.