Upstream information
Description
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
NVD | |
---|---|
Base Score | 4.3 |
Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SU-2013:1036-1, published Mon Jun 17 15:04:10 MDT 2013
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Studio Onsite 1.3 |
| Patchnames: slestso13-susestudio |
SUSE Studio Onsite Runner 1.2 |
| Patchnames: slestso12-rubygem-ruby-openid |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 09:02:55 2013CVE page last modified: Mon Sep 9 17:11:34 2024