Peter Stöckli
ulldma.bsky.social
Security Researcher and Software Engineer at GitHub Security Lab
April 15, 2025 at 3:25 PM
In this demonstration I show the impact of CVE-2025-25291/CVE-2025-25292, an authentication bypass in ruby-saml used by high profile OSS projects such as GitLab. My team coordinated with both the ruby-saml maintainer and GitLab to get this vulnerability fixed and patches are available at gh.io/glfx
March 13, 2025 at 4:08 PM
Where I'll demonstrate some typical Ruby on Rails gotchas on a real project:
https://github.blog/2023-07-28-closing-vulnerabilities-in-decidim-a-ruby-based-citizen-participation-platform/

E.g. why you shouldn't match strings with ^ and $ when using Regex in Ruby.
July 31, 2023 at 3:03 PM
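The Ruby anchor gotcha mentioned in the post above, as an added example that is not part of the post or of the linked blog article: in Ruby, `^` and `$` match at the start and end of any line, while `\A` and `\z` match only the start and end of the whole string, so a `^...$` validator accepts multi-line input it was meant to reject. The validator names and the sample inputs are constructed for the demonstration.

```ruby
# Added example (not the author's code): why ^/$ are the wrong anchors for
# validating a whole string in Ruby. ^ and $ are LINE anchors; \A and \z are
# STRING anchors.

# "Before": the anchors many developers reach for first.
LINE_ANCHORED = /^[a-z0-9_]+$/

# "After": anchors that constrain the entire string (\z, not \Z, so a
# trailing newline is rejected too).
STRING_ANCHORED = /\A[a-z0-9_]+\z/

def valid_username_line_anchored?(s)
  !!(s =~ LINE_ANCHORED)
end

def valid_username_string_anchored?(s)
  !!(s =~ STRING_ANCHORED)
end

# Constructed inputs with the result the validator is INTENDED to give.
# Any input containing a newline must be rejected; with ^/$ it is not,
# because one of its lines matches on its own.
SAMPLES = {
  "alice_01"         => true,
  "Alice"            => false,
  "alice\n<script>"  => false,
  "<script>\nalice"  => false,
  "alice\n"          => false,
}

# Runs both validators over the samples and reports what each returned.
def compare(samples = SAMPLES)
  samples.map do |input, intended|
    {
      input: input,
      intended: intended,
      line_anchored: valid_username_line_anchored?(input),
      string_anchored: valid_username_string_anchored?(input),
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |r|
    flag = r[:line_anchored] == r[:intended] ? "" : "  <-- ^/$ disagrees with intent"
    puts "#{r[:input].inspect.ljust(20)} ^$=#{r[:line_anchored]} \\A\\z=#{r[:string_anchored]}#{flag}"
  end
end
```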