6 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-11027
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
[SECURITY] [DLA 1956-1] ruby-openid security update
Package : ruby-openid Version : 2.5.0debian-1+deb8u1 CVE ID : CVE-2019-11027 ruby-openid performed discovery first, and then verification. This allowed an attacker to change the URL used for discovery and trick the server into connecting to the URL. This server in turn could be a private server n...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID (ruby-openid) up to version 2.8.0 contains a remote SSRF vulnerability in the OpenID discovery/verification flow. Exploitation could cause the server to connect to an attacker-controlled URL, potentially leaking private information. Public advisories describe impact as remote, with hi...