oss-sec mailing list archives
CVE request: ruby-openid XML denial of service attack
From: Marcus Meissner <meissner () suse de>
Date: Fri, 1 Mar 2013 16:50:37 +0100
Hi, ruby-openid is affected by a XML denial of service (Entity Expansion Attack / out of memory) attack as recently described. https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed https://github.com/openid/ruby-openid/pull/43 https://bugzilla.novell.com/show_bug.cgi?id=804717 Ciao, Marcus
Current thread:
- CVE request: ruby-openid XML denial of service attack Marcus Meissner (Mar 01)
- Re: CVE request: ruby-openid XML denial of service attack Kurt Seifried (Mar 02)