CVE-2013-1812

Name: CVE-2013-1812
Description: The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 702217

Vulnerable and fixed packages

The table below lists information on source packages.

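| Source Package | Release | Version | Status |
|---|---|---|---|
| ruby-openid (PTS) | buster | 2.7.0debian-1 | fixed |
| ruby-openid | bullseye | 2.9.2debian-1 | fixed |
| ruby-openid | bookworm | 2.9.2debian-2 | fixed |
| ruby-openid | sid, trixie | 2.9.2debian-3 | fixed |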

The information below is based on the following data on fixed versions.

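| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libopenid-ruby | source | squeeze | 2.1.8debian-1+squeeze1 | | | |
| libopenid-ruby | source | (unstable) | (unfixed) | | | 702217 |
| ruby-openid | source | (unstable) | 2.1.8debian-6 | | | 702217 |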
