Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OneLogin ruby-saml command injection vulnerability
Vulnerability Description
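OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for single sign-on (SSO) services from OneLogin, a US company. Versions of OneLogin ruby-saml before 1.0.0 contain a security vulnerability: because prepared statements are not used, xml_security.rb in the gem allows XPath injection and code execution.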
CVSS Information
N/A
Vulnerability Type
N/A