OSVDB-124991: XPath Injection Vulnerability

April 29, 2015

The gem is vulnerable to XPath injection on xml_security.rb. The lack of prepared statements allows for command injection, leading to arbitrary code execution.

References

github.com/onelogin/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448

Detect and mitigate OSVDB-124991 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →