Sha256: 46bdf391efaa05285af463cfbe061d00436eee589e6ea6df8afd2286e1d22050

Contents?: true

Size: 408 Bytes

Versions: 6

Compression:

Stored size: 408 Bytes

Contents

---
gem: ruby-saml
osvdb: 124991
url: https://github.com/onelogin/ruby-saml/pull/225
title: Ruby-Saml Gem is vulnerable to XPath Injection
date: 2015-04-29
description: |
  ruby-saml before 1.0.0 is vulnerable to XPath injection in xml_security.rb. The
  lack of prepared statements allows for possible command injection, leading to
  arbitrary code execution.
cvss_v2: 6.7
patched_versions:
  - ">= 1.0.0"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/ruby-saml/OSVDB-124991.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/ruby-saml/OSVDB-124991.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/ruby-saml/OSVDB-124991.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/ruby-saml/OSVDB-124991.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/ruby-saml/OSVDB-124991.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/ruby-saml/OSVDB-124991.yml