Janrain » Ruby-openid : Security Vulnerabilities, CVEs, Published In 2013
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Max CVSS
4.3
EPSS Score
0.89%
Published
2013-12-12
Updated
2013-12-13
1 vulnerabilities found