{"id":"CVE-2019-11027","details":"Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developers who based their OpenID integration heavily on the \"example app\" provided by the project are at highest risk.","aliases":["GHSA-fqfj-cmh6-hj49"],"modified":"2026-04-02T01:29:36.077427Z","published":"2019-06-10T19:29:00.607Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00014.html"},{"type":"ADVISORY","url":"https://marc.info/?l=openid-security&m=155154717027534&w=2"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-09"},{"type":"REPORT","url":"https://github.com/openid/ruby-openid/issues/122"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openid/ruby-openid","events":[{"introduced":"0"},{"last_affected":"a8e643d194acc35c7d5890109b14e0c6f590a1fe"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.8.0"}]}}],"versions":["v2.2.0","v2.2.1","v2.2.2","v2.2.3","v2.3.0","v2.4.0","v2.5.0","v2.6.0","v2.7.0","v2.8.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11027.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}