Overview:
Ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack. Ruby-saml users must update to version 1.3.0, which implements 3 extra validations to mitigate this kind of attack.
Overall CVSS Score 6.1
Fix: Add extra validations to prevent Signature wrapping attacks [1]
[1] https://github.com/onelogin/ruby-saml
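
A quick way to check whether a project resolves to an affected release, as an added example (not part of the advisory or of ruby-saml itself): it reads the locked ruby-saml version from Gemfile.lock text and compares it with 1.3.0. The sample lockfile is constructed and the function names are illustrative.

```ruby
require "rubygems"

# First fixed release according to the advisory.
FIXED_VERSION = Gem::Version.new("1.3.0")

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.6.8)
      ruby-saml (1.2.0)
        nokogiri (>= 1.5.10)

  DEPENDENCIES
    ruby-saml (~> 1.2)
LOCK

# Resolved gems sit under "specs:" at a 4-space indent with an exact version.
# Constraint lines ("ruby-saml (~> 1.2)") use another indent and are skipped.
def locked_ruby_saml_versions(lockfile_text)
  lockfile_text.each_line.map { |line|
    m = line.match(/\A {4}ruby-saml \(([^)\s,]+)\)\s*\z/)
    m && m[1]
  }.compact
end

# Classify each locked version. Gem::Version compares numerically, so 1.10.0
# sorts after 1.3.0, and prereleases of 1.3.0 sort before it (flagged).
# Versions that do not parse are reported for manual review, never passed.
def audit_ruby_saml(lockfile_text)
  locked_ruby_saml_versions(lockfile_text).map do |v|
    status =
      if !Gem::Version.correct?(v) then :unparseable
      elsif Gem::Version.new(v) < FIXED_VERSION then :vulnerable
      else :fixed
      end
    [v, status]
  end
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  audit_ruby_saml(text).each { |v, status| puts "ruby-saml #{v}: #{status}" }
end
```

An empty result means ruby-saml is not a resolved dependency in that lockfile; it does not cover copies vendored outside Bundler.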