OSVDB-117903: Arbitrary code execution

February 3, 2015

The gem contains a flaw that is triggered as the URI value of a SAML response is not properly sanitized through a prepared statement. This may allow a remote attacker to execute arbitrary shell commands on the host machine.

References

www.osvdb.org/show/osvdb/117903
github.com/onelogin/ruby-saml/pull/183

Code Behaviors & Features

Detect and mitigate OSVDB-117903 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →