Description

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

Remediation

References

CVE-2013-1821

Related Vulnerabilities

Drupal Other Vulnerability (CVE-2024-22362)

WordPress Plugin Users Ultra SQL Injection (1.4.35)

Python CVE-2022-42919 Vulnerability (CVE-2022-42919)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-34961)

WordPress Plugin WP Fastest Cache Multiple Vulnerabilities (0.9.4)

Severity

Medium

Classification

CVE-2013-1821 CWE-20

Tags

Missing Update Known Vulnerabilities