CVE-2013-1821

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*

History

No history.

Information

Published : 2013-04-09 21:55

Updated : 2024-02-04 18:16


NVD link : CVE-2013-1821

Mitre link : CVE-2013-1821

CVE.ORG link : CVE-2013-1821


JSON object : View

Products Affected

ruby-lang

  • ruby
CWE
CWE-20

Improper Input Validation