Ruby-SAML Authentication Bypass

CRITICAL (9.1)

Threat Intelligence

Medium Risk - Detectable
EPSS Score: 0.05% chance of exploitation (percentile: 16%)
🔍 Detection Tools: OSV.dev
⚔️ Exploit Availability: No public exploits found


What is it?

The ruby-saml library is a popular open-source implementation of the SAML (Security Assertion Markup Language) protocol, used for single sign-on authentication in web applications. This vulnerability allows attackers to bypass authentication by manipulating the XML canonicalization step that Nokogiri performs during document transformation, which can lead to a Signature Wrapping attack.

Am I affected?

You're affected if you use ruby-saml. The advisory does not state which specific versions are affected. If you don't recognise this software, you're probably not affected.

How to fix

To fix this vulnerability, upgrade to ruby-saml version 1.18.0 or later. You can do this by running gem install ruby-saml and then updating your Gemfile to require the new version.

Immediate mitigations if you cannot upgrade immediately:

  • Restrict network access to the application that uses ruby-saml (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation