Description
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
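The failure mode described above, as an added example (not Rails or Active Support code): a recursive XML-to-Hash conversion over a REXML tree uses one stack frame per nesting level, so a depth cap turns an eventual SystemStackError into an error the application can handle. `MAX_DEPTH`, `DepthError`, `element_to_hash` and `parse_xml` are hypothetical names, and the cap of 100 is an assumed value.

```ruby
require "rexml/document"

# Hypothetical names for this example; none of them are Active Support's API.
MAX_DEPTH = 100 # assumed cap, tune to the deepest document you legitimately accept

class DepthError < StandardError; end

# Convert a REXML element into nested Hashes/Strings. Each nesting level costs
# one Ruby stack frame, so recursion stops with DepthError once depth exceeds
# max_depth instead of running until the interpreter raises SystemStackError.
def element_to_hash(element, depth = 1, max_depth = MAX_DEPTH)
  raise DepthError, "XML nesting exceeds #{max_depth} levels" if depth > max_depth

  children = element.children.grep(REXML::Element)
  return element.text.to_s if children.empty?

  children.each_with_object({}) do |child, hash|
    value = element_to_hash(child, depth + 1, max_depth)
    if hash.key?(child.name)
      # Repeated sibling names collapse into an array of values.
      existing = hash[child.name]
      hash[child.name] = existing.is_a?(Array) ? existing << value : [existing, value]
    else
      hash[child.name] = value
    end
  end
end

# Parse a document and convert it, enforcing the depth cap from the root down.
def parse_xml(xml, max_depth = MAX_DEPTH)
  root = REXML::Document.new(xml).root
  raise ArgumentError, "no root element" if root.nil?
  { root.name => element_to_hash(root, 1, max_depth) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: one ordinary document, one nested 500 levels deep.
  puts parse_xml("<user><name>alice</name><role>admin</role><role>dev</role></user>").inspect
  begin
    parse_xml("<a>" * 500 + "</a>" * 500)
  rescue DepthError => e
    puts "rejected: #{e.message}"
  end
end
```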