Commit
Add New Ruby-Saml vulnerability
* A second Ruby advisory with the same story, CVE request but not OSVDB, was sent out today as well. Added that. The CVSS_2 scores were calculated by a colleague.
VanessaHenderson authored and postmodern committed Jul 21, 2015
1 parent 50db3e4 commit d9ec6d2
Showing 2 changed files with 24 additions and 0 deletions.
11 changes: 11 additions & 0 deletions gems/ruby-saml/OSVDB-124383.yml
@@ -0,0 +1,11 @@
---
gem: ruby-saml
osvdb: 124383
url: https://github.com/onelogin/ruby-saml/pull/247
title: Ruby-Saml Gem is vulnerable to entity expansion attacks
date: 2015-06-30
description: |
ruby-saml before 1.0.0 is vulnerable to entity expansion attacks.
cvss_v2: 3.9
patched_versions:
- ">= 1.0.0"
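= 1.0.0"">
Review bot: The description in OSVDB-124383.yml names the bug class but not its impact, and a database consumer reading only this file cannot tell what an "entity expansion attack" does to an application; state the consequence the upstream report describes (XML entity expansion in SAML message parsing is a resource-exhaustion/denial-of-service issue, which is also what the low 3.9 CVSS v2 score implies). Since the commit message says the scores were hand-calculated, record the CVSS v2 vector string alongside `cvss_v2: 3.9` so the number can be reproduced and re-checked; and because the message also says a CVE was requested, leave a placeholder or follow-up to add a `cve:` field once it is assigned.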
13 changes: 13 additions & 0 deletions gems/ruby-saml/OSVDB-124991.yml
@@ -0,0 +1,13 @@
---
gem: ruby-saml
osvdb: 124991
url: https://github.com/onelogin/ruby-saml/pull/225
title: Ruby-Saml Gem is vulnerable to XPath Injection
date: 2015-04-29
description: |
ruby-saml before 1.0.0 is vulnerable to XPath injection on xml_security.rb. The
lack of prepared statements allows for possibly command injection, leading to
arbitrary code execution
cvss_v2: 6.7
patched_versions:
- ">= 1.0.0"
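= 1.0.0"">
Review bot: The description in OSVDB-124991.yml overstates and mislabels the impact: "lack of prepared statements" is SQL terminology (XPath has no prepared statements; the fix is escaping or avoiding interpolation of untrusted data into the XPath expression), and XPath injection lets an attacker change which XML nodes a query selects, not execute shell commands, so "possibly command injection, leading to arbitrary code execution" is not supported by the linked pull request and contradicts the moderate 6.7 score given on the line below. Suggest rewording to describe the actual effect on `xml_security.rb` (untrusted input reaching an XPath query, with the concrete consequence the PR reports, such as altering signature/assertion lookup), fix "possibly" to "possible", and end the sentence with a period. As with the first file, add the CVSS v2 vector next to the score and a `cve:` field when the requested identifier is assigned.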
