RubySec

Providing security resources for the Ruby community

OSVDB-124383 (ruby-saml): Ruby-Saml Gem is vulnerable to entity expansion attacks

ADVISORIES

GEM

ruby-saml

SEVERITY

CVSS v2.0: 3.9 (Low)

PATCHED VERSIONS

  • >= 1.0.0

DESCRIPTION

ruby-saml before 1.0.0 is vulnerable to entity expansion attacks.

RELATED

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories