ADVISORIES
GEM
SEVERITY
CVSS v3.x: 7.5 (High)
PATCHED VERSIONS
- >= 2.6.2
DESCRIPTION
Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name.
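The mismatch behind this class of bug, as an added example that is not Samlr's own code: a reader that takes only the first text node of a name_id sees a different value from the one a comment-stripping canonicalization signs. It assumes Ruby's REXML purely for illustration; the helper names and sample documents are constructed.

```ruby
require "rexml/document"

# Constructed samples: the second NameID has its text split by an empty comment,
# matching the shape described in the advisory (attacker.example is a placeholder).
PLAIN_NAME_ID = "<Subject><NameID>user@example.com</NameID></Subject>"
SPLIT_NAME_ID = "<Subject><NameID>user@example.com<!---->.attacker.example</NameID></Subject>"

class NameIdError < StandardError; end

# Hypothetical helper: locate the NameID element or fail closed.
def name_id_element(xml)
  doc = REXML::Document.new(xml)
  REXML::XPath.first(doc, "//NameID") or raise NameIdError, "NameID missing"
end

# Fragile reader: REXML's Element#text returns only the FIRST text child,
# so anything after an embedded comment is silently dropped.
def naive_name_id(xml)
  name_id_element(xml).text
end

# What a canonicalization that omits comments effectively covers:
# every text child joined together, with the comment removed.
def canonical_name_id(xml)
  name_id_element(xml).texts.map(&:value).join
end

# Hardened reader: refuse any NameID that has children other than text
# (comments, nested elements, processing instructions), then read all of it.
def strict_name_id(xml)
  el = name_id_element(xml)
  unless el.children.all? { |child| child.is_a?(REXML::Text) }
    raise NameIdError, "NameID contains non-text nodes"
  end
  value = el.texts.map(&:value).join
  raise NameIdError, "NameID is empty" if value.strip.empty?
  value
end

if $PROGRAM_NAME == __FILE__
  puts "naive:     #{naive_name_id(SPLIT_NAME_ID)}"
  puts "canonical: #{canonical_name_id(SPLIT_NAME_ID)}"
  begin
    strict_name_id(SPLIT_NAME_ID)
  rescue NameIdError => e
    puts "strict:    rejected (#{e.message})"
  end
end
```

A regression test for any SAML consumer can assert that the identity it authenticates equals the full canonical text of the signed node, or that such a node is rejected outright.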