ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
| Π Π΅Π»ΠΈΠ· | Π‘ΡΠ°ΡΡΡ | ΠΡΠΈΠΌΠ΅ΡΠ°Π½ΠΈΠ΅ |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | ignored | end of life |
| precise | released | 1.8.7.352-2ubuntu1.6 |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| utopic | DNE | |
| vivid | DNE | |
| vivid/stable-phone-overlay | DNE |
ΠΠΎΠΊΠ°Π·ΡΠ²Π°ΡΡ ΠΏΠΎ
| Π Π΅Π»ΠΈΠ· | Π‘ΡΠ°ΡΡΡ | ΠΡΠΈΠΌΠ΅ΡΠ°Π½ΠΈΠ΅ |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.9.3.484-2ubuntu1.2]] |
| lucid | ignored | end of life |
| precise | released | 1.9.3.0-1ubuntu2.10 |
| trusty | released | 1.9.3.484-2ubuntu1.2 |
| trusty/esm | DNE | trusty was released [1.9.3.484-2ubuntu1.2] |
| upstream | needs-triage | |
| utopic | ignored | end of life |
| vivid | ignored | end of life |
| vivid/stable-phone-overlay | DNE |
ΠΠΎΠΊΠ°Π·ΡΠ²Π°ΡΡ ΠΏΠΎ
| Π Π΅Π»ΠΈΠ· | Π‘ΡΠ°ΡΡΡ | ΠΡΠΈΠΌΠ΅ΡΠ°Π½ΠΈΠ΅ |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.0.0.484-1ubuntu2.2]] |
| lucid | DNE | |
| precise | DNE | |
| trusty | released | 2.0.0.484-1ubuntu2.2 |
| trusty/esm | DNE | trusty was released [2.0.0.484-1ubuntu2.2] |
| upstream | needs-triage | |
| utopic | released | 2.0.0.484+really457-3ubuntu1.2 |
| vivid | DNE | |
| vivid/stable-phone-overlay | DNE |
ΠΠΎΠΊΠ°Π·ΡΠ²Π°ΡΡ ΠΏΠΎ
| Π Π΅Π»ΠΈΠ· | Π‘ΡΠ°ΡΡΡ | ΠΡΠΈΠΌΠ΅ΡΠ°Π½ΠΈΠ΅ |
|---|---|---|
| devel | released | 2.1.2-2ubuntu3 |
| esm-infra-legacy/trusty | DNE | |
| lucid | DNE | |
| precise | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage | |
| utopic | released | 2.1.2-2ubuntu1.2 |
| vivid | released | 2.1.2-2ubuntu3 |
| vivid/stable-phone-overlay | DNE |
ΠΠΎΠΊΠ°Π·ΡΠ²Π°ΡΡ ΠΏΠΎ
EPSS
5 Medium
CVSS2
Π‘Π²ΡΠ·Π°Π½Π½ΡΠ΅ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x befo ...
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
ELSA-2014-1911: ruby security update (MODERATE)
EPSS
5 Medium
CVSS2