PT-2013-3403 · Ruby · Ruby-Openid

Ubercomp · Published 2013-12-12 · Updated 2017-10-24 · CVE-2013-1812

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: ruby-openid versions prior to 2.2.2

Description: The issue allows remote OpenID providers to cause a denial of service (CPU consumption) through two methods: (1) a large XRDS document, or (2) an XML Entity Expansion (XEE) attack. An XEE attack is a type of attack that exploits the use of external entities in XML documents to cause a denial of service.

Recommendations: For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, restrict the size of XRDS documents accepted from providers and disable XML entity expansion in the parser to reduce the risk of exploitation.
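The two workarounds above, applied before an XRDS document reaches the XML parser, as an added example (not ruby-openid's own code, and not the upstream 2.2.2 fix): a byte cap on the fetched body and rejection of any DTD or entity declaration, since an XRDS document never legitimately carries one. The cap, the class and function names, and the sample documents are assumptions constructed for this example.

```ruby
# Added example (not ruby-openid's own code): guard an XRDS body against the
# two DoS vectors in CVE-2013-1812 before handing it to REXML.
require "rexml/document"

MAX_XRDS_BYTES = 64 * 1024  # assumed cap; real XRDS documents are far smaller

class UnsafeXrdsError < StandardError; end

# Defence in depth: lower REXML's own expansion limits in case a DTD slips past
# the textual guard (REXML::Security is present on Ruby >= 2.0).
if defined?(REXML::Security)
  REXML::Security.entity_expansion_limit = 100
  REXML::Security.entity_expansion_text_limit = 4096
end

# Validate the raw XRDS bytes and return the parsed document.
def parse_xrds_safely(body)
  if body.bytesize > MAX_XRDS_BYTES
    raise UnsafeXrdsError, "XRDS too large (#{body.bytesize} bytes)"
  end
  # A DOCTYPE is the only place entities can be declared; XRDS has no DTD,
  # so any declaration is rejected outright instead of being expanded.
  if body =~ /<!(DOCTYPE|ENTITY)\b/i
    raise UnsafeXrdsError, "XRDS contains a DTD or entity declaration"
  end
  REXML::Document.new(body)
end

# Return [type, uri] pairs for each <Service> in the XRDS.
def xrds_services(body)
  doc = parse_xrds_safely(body)
  REXML::XPath.match(doc, "//Service").map do |svc|
    type = REXML::XPath.first(svc, "Type")&.text
    uri  = REXML::XPath.first(svc, "URI")&.text
    [type, uri]
  end
end

# Constructed sample: a benign XRDS as an OpenID provider would serve it.
BENIGN_XRDS = <<~'XML'
  <?xml version="1.0" encoding="UTF-8"?>
  <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
    <XRD>
      <Service priority="0">
        <Type>http://specs.openid.net/auth/2.0/signon</Type>
        <URI>https://provider.example/openid</URI>
      </Service>
    </XRD>
  </xrds:XRDS>
XML

# Constructed sample: the same document with a DTD prepended, which the
# guard must reject before any entity is expanded.
DTD_XRDS = "<!DOCTYPE XRDS [ <!ENTITY x \"x\"> ]>\n" + BENIGN_XRDS

if $PROGRAM_NAME == __FILE__
  p xrds_services(BENIGN_XRDS)
  [DTD_XRDS, "<XRDS>" + ("a" * (MAX_XRDS_BYTES + 1)) + "</XRDS>"].each do |bad|
    begin
      xrds_services(bad)
    rescue UnsafeXrdsError => e
      puts "rejected: #{e.message}"
    end
  end
end
```

The size check runs on the raw bytes, so it also protects a relying party whose HTTP client does not already cap response bodies; the DTD check is a textual pre-filter, which is why the REXML limits are still lowered as a second layer.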

Exploit

Fix


Weakness Enumeration

Related identifiers

CVE-2013-1812
GHSA-6C8P-QPHV-668V

Affected products

Ruby-Openid