CVE-2024-45409: ruby-saml XPath Signature Wrapping
greprules fetch cve-2024-45409-ruby-saml-xpath-signature-wrapping --engine opengrep
Description
XML Signature Wrapping (CVE-2024-45409): SAML signature validation uses a document-root-relative XPath ("//ds:...") to locate ds:Reference, ds:CanonicalizationMethod, ds:DigestMethod, ds:DigestValue, or ds:Transforms/ds:Transform. Because these queries traverse the entire document instead of the already-authenticated SignedInfo/Reference subtree, an attacker
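The difference between the two query styles, shown with REXML on a constructed document. This is an added example, not the rule's pattern and not ruby-saml's code; the helper names and placeholder values are assumptions made for illustration.

```ruby
require "rexml/document"

DSIG = { "ds" => "http://www.w3.org/2000/09/xmldsig#" }

# Constructed sample: an unsigned ds:DigestValue appears earlier in the
# document than the one inside the signature's ds:SignedInfo.
SAMPLE = <<~XML
  <Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <Extensions>
      <ds:DigestValue>UNSIGNED-PLACEHOLDER</ds:DigestValue>
    </Extensions>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:Reference URI="#id1">
          <ds:DigestValue>SIGNED-PLACEHOLDER</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
    </ds:Signature>
  </Response>
XML

# Locate the ds:Signature element that validation would start from.
def signature_element(xml)
  doc = REXML::Document.new(xml)
  REXML::XPath.first(doc, "/Response/ds:Signature", DSIG)
end

# Weak: "//" restarts at the document root even though the context node is
# the Signature element, so the first match in document order is returned.
def digest_root_relative(sig)
  REXML::XPath.first(sig, "//ds:DigestValue", DSIG)&.text
end

# Scoped: only descend from the Signature element through SignedInfo/Reference.
def digest_scoped(sig)
  REXML::XPath.first(sig, "./ds:SignedInfo/ds:Reference/ds:DigestValue", DSIG)&.text
end

# Regression check: true when the two lookups select different nodes,
# i.e. the root-relative query left the SignedInfo subtree.
def lookups_disagree?(xml)
  sig = signature_element(xml)
  digest_root_relative(sig) != digest_scoped(sig)
end

if __FILE__ == $PROGRAM_NAME
  puts "root-relative and scoped lookups disagree: #{lookups_disagree?(SAMPLE)}"
end
```

A document like the sample makes a useful regression fixture: a validator whose lookups are scoped to the signature element returns the same node whether or not the extra element is present.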
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided