VYPR
Moderate severity · NVD Advisory · Published Dec 12, 2013 · Updated Jun 16, 2026

CVE-2013-1812

Description

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| ruby-openid (RubyGems) | < 2.2.2 | 2.2.2 |

Affected products

5
  • cpe:2.3:a:janrain:ruby-openid:2.2.0:-:-:*:-:ruby:*:*
  • cpe:2.3:a:janrain:ruby-openid:*:-:-:*:-:ruby:*:* (range: <=2.2.1)
  • cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
  • ghsa-coords (range: < 2.2.2)
