Lightnews — Scholar-powered news

Reposted by Sylwia Budzynska

GitHub Security Lab @securitylab.github.com · Mar 12

In this blog post, we detail newly discovered authentication bypass vulnerabilities in the ruby-saml library used for single sign-on (SSO) via SAML on the service provider (application) side. github.blog/security/sig...

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials

Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.

github.blog

6 7

Reposted by Sylwia Budzynska

Peter Stöckli @ulldma.bsky.social · Mar 12

If you're using ruby-saml or omniauth-saml for SAML authentication make sure to update these libraries as fast as possible! Fixes for two critical authentication bypass vulnerabilities were published today (CVE-2025-25291 + CVE-2025-25292).

github.blog/security/sig...

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials

Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.

github.blog

1 10 11

Sylwia Budzynska @blazingwind.bsky.social · Dec 11

🚀 CodeQL zero to hero part 4: Gradio case study is out! This time we dive into how I wrote CodeQL to support the @hf.co's Gradio framework, scaled the research to a thousand repositories on GitHub, and found 11 vulnerabilities.

gh.io/codeql-part-4

CodeQL zero to hero part 4: Gradio framework case study

Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too.

gh.io

1 4

Reposted by Sylwia Budzynska

trendels.name @trendels.name · Dec 6

There's a great analysis here by @yossarian.net : blog.yossarian.net/2024/12/06/z...

zizmor would have caught the Ultralytics workflow vulnerability

blog.yossarian.net

3 16