Date: Thu, 9 Jul 2015 11:18:21 -0700
From: Reed Loden <>
	Assign a CVE Identifier <>
Subject: CVE request: Command injection in ruby gem ruby-saml <1.0.0

A follow-up to my previous CVE request. Looked into "Fix xpath injection on
xml_security.rb" some more.

Looks like lack of prepared statements allows for possible command
injection, leading to arbitrary code execution (via something like eval()).

Related to / (which doesn't seem to have a CVE
assigned either as far as I can tell). Reference for that is

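Added example, not part of the original message and not ruby-saml's own code: the "lack of prepared statements" point as it applies to XPath, contrasting a query built by string interpolation with one that binds the value as a variable. The use of REXML, the sample document and the helper names are assumptions made for illustration.

```ruby
require "rexml/document"

# Constructed sample document (not taken from ruby-saml or a real SAML message).
SAMPLE_XML = <<~XML
  <root>
    <item ID="a1">first</item>
    <item ID="b2">second</item>
  </root>
XML

# Unsafe pattern: the caller-supplied value is spliced into the XPath text,
# so a quote inside the value ends the string literal and whatever follows
# is parsed as part of the expression.
def find_by_id_interpolated(doc, id)
  REXML::XPath.match(doc, "//item[@ID='#{id}']")
end

# Safer pattern: the XPath text is a constant and the value is bound as $id,
# so it is only ever compared as a string (the XPath analogue of a
# prepared statement).
def find_by_id_bound(doc, id)
  REXML::XPath.match(doc, "//item[@ID=$id]", nil, { "id" => id })
end

# Helper (hypothetical name): ID attribute values of the matched elements.
def ids(nodes)
  nodes.map { |n| n.attributes["ID"] }
end

DOC = REXML::Document.new(SAMPLE_XML)

# Constructed input: matches no real ID, but carries a quote and an extra clause.
CRAFTED_ID = "nomatch' or '1'='1"

if __FILE__ == $PROGRAM_NAME
  puts "interpolated, benign:  #{ids(find_by_id_interpolated(DOC, 'a1')).inspect}"
  puts "interpolated, crafted: #{ids(find_by_id_interpolated(DOC, CRAFTED_ID)).inspect}"
  puts "bound, benign:         #{ids(find_by_id_bound(DOC, 'a1')).inspect}"
  puts "bound, crafted:        #{ids(find_by_id_bound(DOC, CRAFTED_ID)).inspect}"
end
```

A review check that follows from this: any XPath string in the code base containing `#{` or built with `+` from request-derived data deserves the bound-variable form.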
