Skip to main content

Ruby Openid

2 CVEs product

Monthly

CVE-2019-11027 Ruby CRITICAL PATCH Act Now

Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruby Openid
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2013-1812 Ruby MEDIUM POC PATCH This Month

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Fedora Ruby Openid
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruby Openid
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Fedora Ruby Openid
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy