oss-sec mailing list archives

CVE request: ruby-openid XML denial of service attack


From: Marcus Meissner <meissner () suse de>
Date: Fri, 1 Mar 2013 16:50:37 +0100

Hi,

ruby-openid is affected by an XML denial of service (Entity Expansion Attack / out of memory) attack
as recently described.

https://github.com/openid/ruby-openid/commit/a3693cef06049563f5b4e4824f4d3211288508ed
https://github.com/openid/ruby-openid/pull/43
https://bugzilla.novell.com/show_bug.cgi?id=804717

Ciao, Marcus

