Lucene search

[email protected]CVE-2015-20108

HistoryMay 27, 2023 - 7:15 p.m.

CVE-2015-20108

2023-05-2719:15:09

CWE-77

[email protected]

web.nvd.nist.gov

cve-2015-20108

xml security

ruby

xpath injection

code execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

JSON

xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.

Affected configurations

NVD

Node

oneloginruby-samlRange<1.0.0

CPENameOperatorVersion
onelogin:ruby-samlonelogin ruby-samllt1.0.0

CPE	Name	Operator	Version
onelogin:ruby-saml	onelogin ruby-saml	lt	1.0.0

References

github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml

github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448

github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0

github.com/SAML-Toolkits/ruby-saml/pull/225

security.netapp.com/advisory/ntap-20230703-0003/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVE-2015-20108

prion1 debiancve1 osv1 ubuntucve1 nvd1 veracode1 github1 cvelist1