The ruby-openid gem prior to 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Vulnerable Product |
---|
fedoraproject fedora 18 |
fedoraproject fedora 17 |
janrain ruby-openid |
janrain ruby-openid 2.2.0 |