VYPR

RubyGems package

ruby-openid

pkg:gem/ruby-openid

Vulnerabilities (2)

  • CVE-2019-11027Jun 10, 2019
    affected < 2.9.0fixed 2.9.0

    Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid

  • CVE-2013-1812Dec 12, 2013
    affected < 2.2.2fixed 2.2.2

    The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.