Ruby-Saml Gem is vulnerable to XPath Injection
Published: April 29, 2015
SECURITY IDENTIFIERS
- OSVDB: OSVDB-124991
- Vendor Advisory: https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.0.0
GEM
SEVERITY
CVSS v2.0: 6.7 (Medium)
PATCHED VERSIONS
>= 1.0.0
DESCRIPTION
ruby-saml before 1.0.0 is vulnerable to XPath injection in xml_security.rb. Because XPath expressions are built without prepared statements (parameterized queries), the flaw could possibly allow command injection, leading to arbitrary code execution.
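The following Ruby snippet is an added illustration of the bug class named above; it is not code from ruby-saml, its fix, or this advisory. It contrasts an XPath expression assembled by string interpolation with the parameterized form that the standard-library REXML parser supports through XPath variable bindings, and adds a small audit helper that flags interpolated XPath calls in source text. The SAML-shaped document, element names, IDs and all function names are assumptions constructed for the example.

```ruby
require 'rexml/document'

# Constructed SAML-shaped document; element names and IDs are assumptions,
# not taken from ruby-saml or the advisory.
SAMPLE_XML = <<~XML
  <Response>
    <Assertion ID="assertion-1"><Subject>alice</Subject></Assertion>
    <Assertion ID="assertion-2"><Subject>bob</Subject></Assertion>
  </Response>
XML

def sample_doc
  REXML::Document.new(SAMPLE_XML)
end

# Pattern of the bug class the advisory describes: a value that may originate
# from the (untrusted) SAML message is spliced into the XPath string, so the
# value can change the query's logic instead of being treated as data.
def find_assertion_unsafe(doc, id)
  REXML::XPath.first(doc, "//Assertion[@ID='#{id}']")
end

# Hardened form: the expression is fixed and the value is bound to the XPath
# variable $id, the "prepared statement" equivalent for XPath. Quotes or
# operators inside the value can no longer alter the query.
def find_assertion_safe(doc, id)
  REXML::XPath.first(doc, '//Assertion[@ID=$id]', nil, { 'id' => id })
end

# Helper so results can be compared by subject name (nil when no match).
def subject_of(assertion)
  return nil if assertion.nil?
  REXML::XPath.first(assertion, 'Subject').text
end

# Audit helper (constructed): return the 1-based line numbers in Ruby source
# where an REXML XPath call interpolates a Ruby expression into the query.
XPATH_INTERPOLATION = /XPath\.(?:first|match|each)\(.*#\{/
def interpolated_xpath_lines(source)
  source.each_line.with_index(1)
        .select { |line, _| line.match?(XPATH_INTERPOLATION) }
        .map { |_, number| number }
end

# Constructed source sample for the audit helper; line 2 is the risky pattern.
SAMPLE_SOURCE = <<~'RUBY'
  node = REXML::XPath.first(doc, '//Assertion[@ID=$id]', nil, { 'id' => id })
  node = REXML::XPath.first(doc, "//Assertion[@ID='#{id}']")
RUBY

if __FILE__ == $PROGRAM_NAME
  doc = sample_doc
  # A value containing a quote and an XPath operator: the interpolated query
  # matches a different assertion, the bound query matches nothing.
  crafted = "' or @ID='assertion-2"
  puts "unsafe lookup -> #{subject_of(find_assertion_unsafe(doc, crafted)).inspect}"
  puts "safe lookup   -> #{subject_of(find_assertion_safe(doc, crafted)).inspect}"
  puts "interpolated XPath on lines: #{interpolated_xpath_lines(SAMPLE_SOURCE).inspect}"
end
```

The variable-binding form is what "prepared statements" means for XPath: the query text is constant and only the bound value varies, so the fix for this class of issue is to move every externally influenced value out of the expression string and into a binding. The audit helper is a coarse textual check, useful as a first pass over a code base but not a substitute for reviewing how each query's inputs are sourced.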
