CVE-2013-1812
Published: 12 December 2013
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Priority
Status
Package | Release | Status |
---|---|---|
libopenid-ruby | hardy | Does not exist |
libopenid-ruby | lucid | Released (2.1.7debian-1ubuntu0.1) |
libopenid-ruby | oneiric | Ignored (end of life) |
libopenid-ruby | precise | Released (2.1.8debian-1ubuntu0.1) |
libopenid-ruby | quantal | Does not exist |
libopenid-ruby | raring | Does not exist |
libopenid-ruby | upstream | Released (2.2.2) |
ruby-openid | hardy | Does not exist |
ruby-openid | lucid | Does not exist |
ruby-openid | oneiric | Does not exist |
ruby-openid | precise | Does not exist |
ruby-openid | quantal | Released (2.1.8debian-5ubuntu0.1) |
ruby-openid | raring | Not vulnerable (2.1.8debian-6) |
ruby-openid | upstream | Released (2.1.8debian-6, 2.2.2) |

Patches: upstream: https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed