Описание
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | ruby193-rubygem-activesupport | Will not fix | ||
| Red Hat Software Collections | rh-ror41-rubygem-activesupport | Will not fix | ||
| Red Hat Software Collections | ror40-rubygem-activesupport | Will not fix | ||
| Red Hat Software Collections | ruby193-rubygem-activesupport | Will not fix | ||
| Red Hat Subscription Asset Manager | ruby193-rubygem-activesupport | Will not fix | ||
| Red Hat Subscription Asset Manager | rubygem-activesupport | Will not fix |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ...
activesupport vulnerable to Denial of Service via large XML document depth
4.3 Medium
CVSS2