Description
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Remediation
References