Lucene search
RedhatCVELIST:CVE-2013-1812HistoryDec 12, 2013 - 6:00 p.m.
CVE-2013-1812
2013-12-1218:00:00
redhat
www.cve.org
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
References
lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html
lists.fedoraproject.org/pipermail/package-announce/2013-November/120361.html
www.openwall.com/lists/oss-security/2013/03/03/8
bugzilla.redhat.com/show_bug.cgi?id=918134
github.com/openid/ruby-openid/blob/master/CHANGELOG.md
github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed
github.com/openid/ruby-openid/pull/43
Related
cve
cve
CVE-2013-1812
2013-12-12 18:55:10
osv
osv
Denial of service in ruby-openid
2017-10-24 18:33:37
openvas
openvas
Gentoo Security Advisory GLSA 201405-14
2015-09-29 00:00:00
Fedora Update for rubygem-ruby-openid FEDORA-2013-20260
2013-11-08 00:00:00
Fedora Update for rubygem-ruby-openid FEDORA-2013-20260
2013-11-08 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: rubygem-ruby-openid-2.3.0-3.fc20
2013-11-10 06:09:33
[SECURITY] Fedora 19 Update: rubygem-ruby-openid-2.3.0-3.fc19
2013-11-08 04:31:28
gentoo
gentoo
Ruby OpenID: Denial of service
2014-05-17 00:00:00
github
github
Denial of service in ruby-openid
2017-10-24 18:33:37
debiancve
debiancve
CVE-2013-1812
2013-12-12 18:55:10
nessus
nessus
Fedora 20 : rubygem-ruby-openid-2.3.0-3.fc20 (2013-20238)
2013-11-11 00:00:00
GLSA-201405-14 : Ruby OpenID: Denial of Service
2014-05-19 00:00:00
Fedora 19 : rubygem-ruby-openid-2.3.0-3.fc19 (2013-20260)
2013-11-08 00:00:00
ubuntucve
ubuntucve
CVE-2013-1812
2013-12-12 00:00:00
prion
prion
Design/Logic Flaw
2013-12-12 18:55:00
nvd
nvd
CVE-2013-1812
2013-12-12 18:55:10
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34