ruby-saml gem is vulnerable to XPath injection

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. The lack of prepared statements allows for possibly command injection, leading to arbitrary code execution...