Ruby-Saml Gem is vulnerable to entity expansion attacks
Published: June 30, 2015
SECURITY IDENTIFIERS
- OSVDB: OSVDB-124383
- Vendor Advisory: https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.0.0
GEM
ruby-saml
SEVERITY
CVSS v2.0: 3.9 (Low)
PATCHED VERSIONS
>= 1.0.0
DESCRIPTION
ruby-saml before 1.0.0 is vulnerable to entity expansion attacks.
