Critical severity · NVD Advisory · Published Jun 10, 2019 · Updated Aug 4, 2024
CVE-2019-11027
Description
Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ruby-openid (RubyGems) | < 2.9.0 | 2.9.0 |
Affected products
- Ruby/ruby-openid
References
- github.com/advisories/GHSA-fqfj-cmh6-hj49 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-11027 (ghsa, ADVISORY)
- security.gentoo.org/glsa/202003-09 (ghsa, vendor-advisory, x_refsource_GENTOO, WEB)
- github.com/openid/ruby-openid/commit/d181a8a2099c64365a1d24b29f6b6b646673a131 (ghsa, WEB)
- github.com/openid/ruby-openid/issues/122 (ghsa, x_refsource_MISC, WEB)
- github.com/openid/ruby-openid/releases/tag/v2.9.0 (ghsa, WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-openid/CVE-2019-11027.yml (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2019/10/msg00014.html (ghsa, mailing-list, x_refsource_MLIST, WEB)
- marc.info (ghsa, x_refsource_MISC, WEB)