Описание
Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was deferred |
| devel | not-affected | 2.9.2debian-1 |
| esm-apps/bionic | deferred | 2023/07/13 |
| esm-apps/focal | not-affected | 2.9.2debian-1 |
| esm-apps/jammy | not-affected | 2.9.2debian-1 |
| esm-apps/noble | not-affected | 2.9.2debian-1 |
| esm-apps/xenial | deferred | 2023/07/13 |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 2.9.2debian-1 |
| groovy | not-affected | 2.9.2debian-1 |
Показывать по
10 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk.
Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk.
Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable ...
10 Critical
CVSS2
9.8 Critical
CVSS3