41 matches found
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID (ruby-openid) up to version 2.8.0 contains a remote SSRF vulnerability in the OpenID discovery/verification flow. Exploitation could cause the server to connect to an attacker-controlled URL, potentially leaking private information. Public advisories describe impact as remote, with hi...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
Unspecified Vulnerability in Ruby OpenID
Ruby OpenID is a Ruby library for providing and verifying OpenID identities. A security vulnerability exists in Ruby OpenID 2.8.0 and earlier versions. No details of the vulnerability are provided at this time...
Denial of service in ruby-openid
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
GHSA-6C8P-QPHV-668V Denial of service in ruby-openid
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
Vulnerable to XIE DoS attacks
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
Gentoo Security Advisory GLSA 201405-14
Gentoo Linux Local Security Checks GLSA 201405-14 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if(description)...
GLSA-201405-14 : Ruby OpenID: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201405-14 (Ruby OpenID: Denial of Service). An XML entity parsing error has been discovered in Ruby OpenID. Impact: A remote attacker could send a specially crafted XML file, possibly resulting in a Denial of Service condition...
Ruby OpenID: Denial of service
Background: Ruby OpenID is a robust library for verifying and serving OpenID identities. Description: An XML entity parsing error has been discovered in Ruby OpenID. Impact: A remote attacker could send a specially crafted XML file, possibly resulting in a Denial of Service condition. Workaround: The...
CVE-2013-1812
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
CVE-2013-1812
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
Design/Logic Flaw
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
CVE-2013-1812
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
CVE-2013-1812
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
Fedora 20 : rubygem-ruby-openid-2.3.0-3.fc20 (2013-20238)
New package. A Ruby library for verifying and serving OpenID identities. Ruby OpenID makes it easy to add OpenID authentication to your web applications. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
[SECURITY] Fedora 20 Update: rubygem-ruby-openid-2.3.0-3.fc20
The Ruby OpenID library, with batteries included. A Ruby library for verifying and serving OpenID identities. Ruby OpenID makes it easy to add OpenID authentication to your web applications...
[SECURITY] Fedora 19 Update: rubygem-ruby-openid-2.3.0-3.fc19
The Ruby OpenID library, with batteries included. A Ruby library for verifying and serving OpenID identities. Ruby OpenID makes it easy to add OpenID authentication to your web applications...
Fedora Update for rubygem-ruby-openid FEDORA-2013-20260
Check for the Version of rubygem-ruby-openid OpenVAS Vulnerability Test Fedora Update for rubygem-ruby-openid FEDORA-2013-20260 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/...
Fedora Update for rubygem-ruby-openid FEDORA-2013-20260
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...