ruby-saml gem is vulnerable to XPath injection
Published: April 29, 2015
SECURITY IDENTIFIERS
- CVE: CVE-2015-20108 (NVD)
- GHSA: GHSA-r364-2pj4-pf7f
- OSVDB: OSVDB-124991
- Vendor Advisory: https://security.snyk.io/vuln/SNYK-RUBY-RUBYSAML-20217
GEM
SEVERITY
PATCHED VERSIONS
>= 1.0.0
DESCRIPTION
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
The lack of prepared statements allows for possibly command injection, leading to arbitrary code execution.
RELATED
- https://nvd.nist.gov/vuln/detail/CVE-2015-20108
- https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.0.0
- https://github.com/SAML-Toolkits/ruby-saml/pull/225
- https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448
- https://security.snyk.io/vuln/SNYK-RUBY-RUBYSAML-20217
- https://www.mend.io/vulnerability-database/WS-2015-0036
- https://github.com/advisories/GHSA-r364-2pj4-pf7f