debian · CVE-2017-11428

Quick triage

Priority: not yet assigned 公開: Updated: Sun, 19 Jul 2026 12:01:35 GMT

参照: Official debian advisory, NVD, CVE.org · CVE 詳細

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-11428 not yet assigned priority: Debian including 1 source packages (ruby-saml), 2 status rows across 2 suites (bookworm, bullseye): resolved 2.

Description:

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

cvelogic Threat Intelligence