title: omniauth-saml authentication bypass via incorrect XML canonicalization and
OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the
results of XML DOM traversal and canonicalization APIs in such a way that an attacker
may be able to manipulate the SAML data without invalidating the cryptographic signature,
allowing the attack to potentially bypass authentication to SAML service providers.
- ">= 1.10.0"