Описание
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Enterprise 1 | ruby193-ruby | Affected | ||
| Red Hat JBoss SOA Platform 4 | jruby | Will not fix | ||
| Red Hat JBoss SOA Platform 5 | jruby | Affected | ||
| Fuse ESB Enterprise 7.1.0 | Fixed | RHSA-2013:1028 | 09.07.2013 | |
| Red Hat Enterprise Linux 5 | ruby | Fixed | RHSA-2013:0611 | 07.03.2013 |
| Red Hat Enterprise Linux 6 | ruby | Fixed | RHSA-2013:0612 | 07.03.2013 |
| Red Hat JBoss Fuse 6.0 | Fixed | RHSA-2013:1185 | 29.08.2013 | |
| Red Hat JBoss SOA Platform 5.3 | Fixed | RHSA-2013:1147 | 08.08.2013 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows ...
EPSS
4.3 Medium
CVSS2