CVE-2013-1812
Publication date 12 December 2013
Last updated 24 July 2024
Ubuntu priority
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Status
Package | Ubuntu Release | Status |
---|---|---|
libopenid-ruby | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise |
Fixed 2.1.8debian-1ubuntu0.1
|
|
11.10 oneiric | Ignored end of life | |
10.04 LTS lucid |
Fixed 2.1.7debian-1ubuntu0.1
|
|
8.04 LTS hardy | Not in release | |
ruby-openid | 13.04 raring |
Not affected
|
12.10 quantal |
Fixed 2.1.8debian-5ubuntu0.1
|
|
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release |