Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 9 Jul 2015 11:18:21 -0700
From: Reed Loden <>
	Assign a CVE Identifier <>
Subject: CVE request: Command injection in ruby gem ruby-saml <1.0.0

A follow-up to my previous CVE request. Looked into "Fix xpath injection on
xml_security.rb" some more.

Looks like lack of prepared statements allow for possible command
injection, leading to arbitrary code execution (via something like eval()).

Related to / (which doesn't seem to have a CVE
assigned either as far as I can tell). Reference for that is


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.