RubySec

Providing security resources for the Ruby community

OSVDB-117903 (ruby-saml): Ruby-Saml Gem is vulnerable to arbitrary code execution

ADVISORIES

  • OSVDB-117903

GEM

ruby-saml

PATCHED VERSIONS

  • >= 0.8.2

DESCRIPTION

ruby-saml contains a flaw that is triggered when the URI value of a SAML response is not properly sanitized through a prepared statement before it is used. This may allow a remote attacker to execute arbitrary shell commands on the host machine.
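To check whether a project pins an affected release, the following is an added example written for this page (it is not part of the advisory or of the ruby-saml gem): it reads a Gemfile.lock, finds the locked ruby-saml version and compares it against the advisory's patched range (>= 0.8.2). The lockfile contents and the `affected?` helper are constructed for the example.

```ruby
# Added example (not from the RubySec advisory or the ruby-saml gem):
# flag a Gemfile.lock whose locked ruby-saml version is outside the
# patched range stated in OSVDB-117903.
require "rubygems"

ADVISORY = {
  id: "OSVDB-117903",
  gem: "ruby-saml",
  patched_versions: [">= 0.8.2"]   # taken from the advisory
}.freeze

# Extract "name (version)" pairs from the specs section of a Gemfile.lock.
# Direct gem entries are indented by four spaces; their dependency lines
# (six spaces, version constraints in parentheses) are deliberately skipped.
def locked_gems(lockfile_text)
  lockfile_text.scan(/^    ([\w\-]+) \(([^)\s]+)\)$/).to_h
end

# True when the gem is locked to a version that satisfies none of the
# advisory's patched ranges; false when it is patched or not used at all.
def affected?(lockfile_text, advisory = ADVISORY)
  version = locked_gems(lockfile_text)[advisory[:gem]]
  return false if version.nil?
  locked = Gem::Version.new(version)
  advisory[:patched_versions]
    .map { |range| Gem::Requirement.new(range) }
    .none? { |req| req.satisfied_by?(locked) }
end

# Constructed sample lockfile pinning an unpatched release.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.6.6.2)
      ruby-saml (0.8.1)
        nokogiri (>= 1.5.10)
      uuid (2.3.7)

  PLATFORMS
    ruby

  DEPENDENCIES
    ruby-saml
LOCK

if __FILE__ == $PROGRAM_NAME
  status = affected?(SAMPLE_LOCKFILE) ? "affected" : "not affected"
  puts "#{ADVISORY[:id]} (#{ADVISORY[:gem]}): #{status}"
end
```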