File tree Expand file tree Collapse file tree 2 files changed +28
-19
lines changed Expand file tree Collapse file tree 2 files changed +28
-19
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ gem : ruby-saml
3+ osvdb : 124991
4+ cve : 2015-20108
5+ ghsa : r364-2pj4-pf7f
6+ url : https://security.snyk.io/vuln/SNYK-RUBY-RUBYSAML-20217
7+ title : ruby-saml gem is vulnerable to XPath injection
8+ date : 2015-04-29
9+ description : |
10+ xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby
11+ allows XPath injection and code execution because prepared
12+ statements are not used.
13+
14+ The lack of prepared statements allows for possibly command
15+ injection, leading to arbitrary code execution.
16+ cvss_v2 : 6.7
17+ cvss_v3 : 9.8
18+ patched_versions :
19+ - " >= 1.0.0"
20+ related :
21+ url :
22+ - https://nvd.nist.gov/vuln/detail/CVE-2015-20108
23+ - https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.0.0
24+ - https://github.com/SAML-Toolkits/ruby-saml/pull/225
25+ - https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448
26+ - https://security.snyk.io/vuln/SNYK-RUBY-RUBYSAML-20217
27+ - https://www.mend.io/vulnerability-database/WS-2015-0036
28+ - https://github.com/advisories/GHSA-r364-2pj4-pf7f
Load Diff This file was deleted.
You can’t perform that action at this time.
0 commit comments