Ruby SAML Library Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Ruby SAML library, affecting versions prior to 1.18.1. The issue arises because the library validates the SAML response's Base64 encoding before checking the message size, creating a risk of resource exhaustion. The vulnerability exists even when the 'message_max_bytesize' setting is configured, because the order of operations in the code performs the costly validation before the size limit is applied, so the protection is ineffective in those scenarios.

Impact

Exploitation of this vulnerability can lead to excessive memory usage, increased CPU load, application slowdowns or unresponsiveness, and in severe cases, complete application crashes. This can also cause denial-of-service conditions for legitimate users.

Remediation

Upgrade to Ruby SAML version 1.18.1 or later to address this vulnerability.
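As an added illustration of the ordering problem described under Vulnerability and what the fix changes, the following constructed Ruby snippet is not ruby-saml's own code: both function names, the return shape and the sample inputs are assumptions. It contrasts a decoder that validates and decodes Base64 before comparing against the byte limit with one that checks the raw size first.

```ruby
require 'base64'

# Constructed illustration (not ruby-saml's code) of the ordering bug described
# in the advisory. Both functions take the raw, still-encoded SAMLResponse value
# and a byte limit, and return [:accepted | :rejected, bytes_decoded] so that
# the work performed before the size check is visible to the caller.
BASE64_RE = %r{\A[A-Za-z0-9+/=\r\n]+\z}

# Vulnerable ordering: the Base64 body is scanned and decoded in full, and only
# afterwards is the raw size compared with the limit. An oversized response is
# therefore fully processed before it is rejected.
def decode_response_unsafe(raw, max_bytes)
  return [:rejected, 0] unless raw.match?(BASE64_RE)   # full-length scan
  decoded = Base64.decode64(raw)                         # full-length allocation
  return [:rejected, decoded.bytesize] if raw.bytesize > max_bytes
  [:accepted, decoded.bytesize]
end

# Hardened ordering: enforce the limit on the raw input before any per-byte
# work, so an oversized response costs nothing beyond reading its length.
def decode_response_safe(raw, max_bytes)
  return [:rejected, 0] if raw.bytesize > max_bytes
  return [:rejected, 0] unless raw.match?(BASE64_RE)
  decoded = Base64.decode64(raw)
  [:accepted, decoded.bytesize]
end

# Constructed sample inputs: a tiny well-formed response and an oversized one.
LIMIT        = 1024
SAMPLE_SMALL = Base64.strict_encode64('<samlp:Response/>')
SAMPLE_BIG   = Base64.strict_encode64('A' * 100_000)

if __FILE__ == $0
  p decode_response_unsafe(SAMPLE_SMALL, LIMIT) # => [:accepted, 17]
  p decode_response_unsafe(SAMPLE_BIG, LIMIT)   # => [:rejected, 100000]  decoded, then rejected
  p decode_response_safe(SAMPLE_BIG, LIMIT)     # => [:rejected, 0]       rejected before decoding
end
```

The second result shows the limit being applied only after 100,000 bytes were already decoded, which is the ineffective protection the advisory describes; the third shows the corrected ordering rejecting the same input without decoding it.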

Added: Jul 30, 2025, 2:36 PM
Updated: Jul 30, 2025, 2:36 PM

Vulnerability Rating (Custom Algorithm)

spread: 3.1
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.