ID CVE-2019-11027
Summary Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the "example app" provided by the project are at highest risk.
References
Vulnerable Configurations
  • Openid Ruby-openid 2.8.0
    cpe:2.3:a:openid:ruby-openid:2.8.0
CVSS
Base: 10.0
Impact:
Exploitability:
Last major update 10-06-2019 - 15:29
Published 10-06-2019 - 15:29
Last modified 14-06-2019 - 08:29
Back to Top