Add CVE-2017-11430 for omniauth-saml

Author: reedloden

gems/omniauth-saml/CVE-2017-11430.yml

@@ -0,0 +1,17 @@
+---
+gem: omniauth-saml
+cve: 2017-11430
+url: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
+date: 2018-02-27
+title: omniauth-saml authentication bypass via incorrect XML canonicalization and DOM traversal 
+description: |
+  OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the
+  results of XML DOM traversal and canonicalization APIs in such a way that an attacker
+  may be able to manipulate the SAML data without invalidating the cryptographic signature,
+  allowing the attack to potentially bypass authentication to SAML service providers.
+
+cvss_v3: 9.8
+cvss_v2: 7.5
+
+patched_versions:
+  - ">= 1.10.0"