oss-sec mailing list archives
Re: CVE request: Command injection in ruby gem ruby-saml <1.0.0
From: Reed Loden <reed () reedloden com>
Date: Sun, 2 Aug 2015 18:27:47 -0700
Any update on a CVE assignment for this? ~reed On Thu, Jul 9, 2015 at 11:18 AM, Reed Loden <reed () reedloden com> wrote:
A follow-up to my previous CVE request. Looked into "Fix xpath injection on xml_security.rb" some more. https://github.com/onelogin/ruby-saml/pull/225#issuecomment-120084288 https://github.com/onelogin/ruby-saml/commit/1b4e3dd6d2d44efa629144b2180842456bfb2a0f#diff-661b9d9743a3ff77661f224c6191165cL242 Looks like lack of prepared statements allow for possible command injection, leading to arbitrary code execution (via something like eval()). Related to https://github.com/onelogin/ruby-saml/pull/183 / http://osvdb.org/show/osvdb/117903 (which doesn't seem to have a CVE assigned either as far as I can tell). Reference for that is https://security.dxw.com/advisories/publicly-exploitable-command-injection-in-ruby-saml-0-7-2-library-can-root-the-host/ . ~reed
Current thread:
- CVE request: Command injection in ruby gem ruby-saml <1.0.0 Reed Loden (Jul 09)
- Re: CVE request: Command injection in ruby gem ruby-saml <1.0.0 Reed Loden (Aug 02)