CVE-2015-20108: Some features from the PR #197 (PR splitted) by pitbulk · Pull Request #225 · SAML-Toolkits/ruby-saml

xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
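
The weak and hardened query forms side by side, as an added example (not code from ruby-saml or the pull request). It assumes REXML as the XPath engine; the sample document, the helper names and the hostile ID value are constructed for illustration.

```ruby
require "rexml/document"

# Constructed sample document (not a real SAML response).
SAMPLE_XML = <<~XML
  <Response ID="_resp">
    <Assertion ID="_signed"><Subject>alice</Subject></Assertion>
    <Assertion ID="_other"><Subject>mallory</Subject></Assertion>
  </Response>
XML

# Constructed hostile value: the quote closes the string literal in the
# interpolated query and appends a second condition.
HOSTILE_ID = "x' or @ID='_other"

# Weak form: the ID is pasted into the XPath text, so it is parsed as XPath.
def find_by_id_interpolated(doc, id)
  REXML::XPath.first(doc, "//*[@ID='#{id}']")
end

# Hardened form: the ID is bound as the XPath variable $id and is only ever
# compared as a string value; it never reaches the XPath parser.
def find_by_id_bound(doc, id)
  REXML::XPath.first(doc, "//*[@ID=$id]", {}, { "id" => id })
end

# ID attribute of the selected node, or nil when nothing matched.
def id_of(node)
  node ? node.attributes["ID"] : nil
end

# Run both lookups for the same input and report which element each selects.
def compare_lookups(id)
  doc = REXML::Document.new(SAMPLE_XML)
  { interpolated: id_of(find_by_id_interpolated(doc, id)),
    bound: id_of(find_by_id_bound(doc, id)) }
end

if __FILE__ == $0
  p compare_lookups("_signed")
  p compare_lookups(HOSTILE_ID)
end
```

With the bound variable, an ID that matches no element yields no node, which is the condition a caller should treat as a validation failure.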


Conversation

* Comment the code
* Remove spaces and format some lines
* Remove unnecessary errors method

pitbulk added a commit that referenced this pull request

Apr 29, 2015

Some features from the PR #197 (PR splitted):

* Comment the code.
* Remove spaces and format some lines.
* Remove unnecessary errors method.
* Improve format_cert and format_private_key.
* Fix xpath injection on xml_security.rb

Related news

GHSA-r364-2pj4-pf7f: ruby-saml vulnerable to XPath injection

