Описание
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 2.1.7debian-1ubuntu0.1 |
| oneiric | ignored | end of life |
| precise | released | 2.1.8debian-1ubuntu0.1 |
| quantal | DNE | |
| raring | DNE | |
| upstream | released | 2.2.2 |
Показывать по
10
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.1.8debian-6 |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | released | 2.1.8debian-5ubuntu0.1 |
| raring | not-affected | 2.1.8debian-6 |
| upstream | released | 2.1.8debian-6, 2.2.2 |
Показывать по
10
4.3 Medium
CVSS2
Связанные уязвимости
nvd
около 12 лет назад
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
debian
около 12 лет назад
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID provide ...
4.3 Medium
CVSS2