CVE-2015-20108

Опубликовано: 27 мая 2023

Источник: debian

Описание

xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.

Пакет	Статус	Версия исправления	Релиз	Тип
ruby-saml	fixed	1.0.0-1		package

https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448 (v1.0.0)
https://github.com/SAML-Toolkits/ruby-saml/pull/225

CVE-2015-20108

CVSS3: 9.8

ubuntu

больше 2 лет назад

xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.

CVE-2015-20108

CVSS3: 9.8

nvd

больше 2 лет назад

xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.

GHSA-r364-2pj4-pf7f

CVSS3: 9.8

github

больше 2 лет назад

ruby-saml vulnerable to XPath injection