Description

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.

Remediation

References

CVE-2015-3227

Related Vulnerabilities

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-30599)

Squid Improper Input Validation Vulnerability (CVE-2009-2855)

WordPress 3.9.x Cross-Domain Flash Injection Vulnerability (3.9 - 3.9.22)

WordPress Plugin WP Email Template HTML Injection (2.2.10)

WordPress Plugin Author Manager Multiple Vulnerabilities (1.0)

Severity

Medium

Classification

CVE-2015-3227

Tags

Missing Update Known Vulnerabilities