Moderate severity · NVD Advisory · Published Dec 12, 2013 · Updated Jun 16, 2026
CVE-2013-1812
Description
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ruby-openid (RubyGems) | < 2.2.2 | 2.2.2 |
Affected products
- cpe:2.3:a:janrain:ruby-openid:2.2.0:-:-:*:-:ruby:*:*
- cpe:2.3:a:janrain:ruby-openid:*:-:-:*:-:ruby:*:* (range: <=2.2.1)
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
References
- www.openwall.com/lists/oss-security/2013/03/03/8 (nvd: Patch, WEB)
- github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed (nvd: Exploit, Patch, WEB)
- github.com/advisories/GHSA-6c8p-qphv-668v (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2013-1812 (ghsa: ADVISORY)
- lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html (nvd: WEB)
- lists.fedoraproject.org/pipermail/package-announce/2013-November/120361.html (nvd: WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd: WEB)
- github.com/openid/ruby-openid/blob/master/CHANGELOG.md (nvd: WEB)
- github.com/openid/ruby-openid/pull/43 (nvd: WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-openid/CVE-2013-1812.yml (ghsa: WEB)