Critical severityNVD Advisory· Published May 27, 2023· Updated Jan 14, 2025
CVE-2015-20108
CVE-2015-20108
Description
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ruby-samlRubyGems | < 1.0.0 | 1.0.0 |
Affected products
2- ruby-saml/ruby-samldescription
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-r364-2pj4-pf7fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-20108ghsaADVISORY
- github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448ghsaWEB
- github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0ghsaWEB
- github.com/SAML-Toolkits/ruby-saml/pull/225ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2015-20108.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.ymlghsaWEB
- security.netapp.com/advisory/ntap-20230703-0003ghsaWEB
- security.snyk.io/vuln/SNYK-RUBY-RUBYSAML-20217ghsaWEB
- security.netapp.com/advisory/ntap-20230703-0003/mitre
News mentions
0No linked articles in our index yet.