CVE-2013-1812

CVE-2013-1812 affects the ruby-openid gem for Ruby, with the vendor reference stating: “before 2.2.2 … allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.” The linked advisories confirm the issue ...