CVE-2017-11430

Name of the Vulnerable Software and Affected Versions OmniAuth OmniAuth-SAML versions 1.9.0 and earlier

Description The issue arises from incorrect utilization of XML DOM traversal and canonicalization APIs, allowing an attacker to manipulate SAML data without invalidating its cryptographic signature. This could potentially enable the attacker to bypass authentication to SAML service providers.

Recommendations For OmniAuth OmniAuth-SAML versions 1.9.0 and earlier, consider updating to a version that correctly handles XML DOM traversal and canonicalization APIs to prevent SAML data manipulation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.