Headline
CVE-2015-20108: Some features from the PR #197 (PR splitted) by pitbulk · Pull Request #225 · SAML-Toolkits/ruby-saml
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
Conversation
* Comment the code
* Remove spaces and format some lines
* Remove unnecessary errors method
pitbulk added a commit that referenced this pull request
Apr 29, 2015
Some features from the PR #197 (PR splitted):
* Comment the code.
* Remove spaces and format some lines.
* Remove unnecessary errors method.
* Improve format_cert and format_private_key.
* Fix xpath injection on xml_security.rb
Related news
GHSA-r364-2pj4-pf7f: ruby-saml vulnerable to XPath injection