Description

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

Remediation

References

CVE-2014-8080

Related Vulnerabilities

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3383)

WordPress Plugin Mobile browser color select Cross-Site Request Forgery (1.0.1)

WordPress Plugin Login/Signup Popup (Inline Form + Woocommerce) Cross-Site Scripting (1.4)

Python NULL Pointer Dereference Vulnerability (CVE-2019-5010)

WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (4.5.3)

Severity

Medium

Classification

CVE-2014-8080

Tags

Missing Update Known Vulnerabilities