Ruby · Ruby-Saml · CVE-2016-5697
**Name of the Vulnerable Software and Affected Versions**
ruby-saml versions prior to 1.3.0
**Description**
The vulnerability allows attackers to perform XML signature wrapping attacks. It arises in a specific scenario in which a single signature references two elements simultaneously, one of which is inside an encrypted assertion; this bypasses the scheme validator process.
**Recommendations**
For ruby-saml versions prior to 1.3.0, update to version 1.3.0, which implements extra validations to mitigate this kind of attack.