oss-sec mailing list archives
CVE request: XEE in ruby gem ruby-saml <1.0.0
From: Reed Loden <reed () reedloden com>
Date: Thu, 9 Jul 2015 02:48:35 -0700
Noticed this when reading changelog entries... I'm weird like that.

https://github.com/onelogin/ruby-saml/pull/247
https://github.com/onelogin/ruby-saml/commit/a2e5318530701bf14528c5b3b51c880b3499a75d
"Avoid entity expansion (XEE attacks)"

Release notes for ruby-saml v1.0.0
https://github.com/onelogin/ruby-saml/releases/tag/v1.0.0

(I wonder if the "Fix xpath injection on xml_security.rb" fix is a vuln as well)

~reed