Description
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. This is fixed in version 1.18.1.
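The ordering defect the description refers to, as a constructed Ruby illustration added here (not ruby-saml's own code): a Base64 format check and decode run over the whole input before the configured size limit is consulted, so an oversized message still costs the full work; the hardened variant rejects on raw size first. `ResponseDecoder`, `BASE64_FORMAT` and `MessageTooLarge` are assumed names, and the `bytes_scanned` counter exists only to make the wasted work measurable.

```ruby
require 'base64'

# Assumed Base64 shape check; a regex like this must walk the entire input.
BASE64_FORMAT = %r{\A(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?\z}
MessageTooLarge = Class.new(StandardError)

class ResponseDecoder
  # Bytes the format check / decode step had to examine (instrumentation only).
  attr_reader :bytes_scanned

  def initialize(max_bytesize)
    @max = max_bytesize   # stands in for the message_max_bytesize setting
    @bytes_scanned = 0
  end

  # Vulnerable ordering: format validation and decoding happen before the
  # size limit is checked, so the limit does not bound the work performed.
  def decode_vulnerable(raw)
    decoded = decode_if_base64(raw)
    raise MessageTooLarge, "#{decoded.bytesize} > #{@max}" if decoded.bytesize > @max
    decoded
  end

  # Hardened ordering: an oversized message is refused on its raw byte size
  # before any of its contents are examined; the decoded size is still checked.
  def decode_hardened(raw)
    raise MessageTooLarge, "#{raw.bytesize} > #{@max}" if raw.bytesize > @max
    decoded = decode_if_base64(raw)
    raise MessageTooLarge, "#{decoded.bytesize} > #{@max}" if decoded.bytesize > @max
    decoded
  end

  private

  # Decode only when the input looks like Base64; otherwise pass it through.
  def decode_if_base64(raw)
    @bytes_scanned += raw.bytesize
    raw.match?(BASE64_FORMAT) ? Base64.strict_decode64(raw) : raw
  end
end
```

With a 100 KB Base64 message and a 1,000 byte limit, the vulnerable path scans all 100,000 bytes before raising, while the hardened path raises having scanned none.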
References (5)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-rrqh-93c8-j966
Issue Tracking x_refsource_misc
https://github.com/SAML-Toolkits/ruby-saml/pull/770
Patch x_refsource_misc
https://github.com/SAML-Toolkits/ruby-saml/commit/38ef5dd1ce17514e202431f569c4f5633e6c2709
Release Notes x_refsource_misc
https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.1
Scores
CVSS v4
6.9
EPSS
0.0015
EPSS Percentile
34.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-400
CWE-770
Status
published
Products (2)
rubygems/ruby-saml
0 - 1.18.1 (RubyGems)
SAML-Toolkits/ruby-saml
< 1.18.1
Published
Jul 30, 2025
Tracked Since
Feb 18, 2026