CVE-2008-3790

Published: 27 August 2008

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
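
A defensive pre-parse check for the nested-entity pattern described above, as an added example (not code from REXML or from this tracker entry): it computes how large each internal entity would become without ever expanding it. The function names, the 10,000-byte cap and the sample documents are assumptions constructed for illustration, and only quoted internal general entities are handled.

```ruby
# Added example: pre-parse guard, not REXML's own code. All names are hypothetical.
ENTITY_DECL = /<!ENTITY\s+([\w.\-:]+)\s+(?:"([^"]*)"|'([^']*)')\s*>/
ENTITY_REF  = /&([\w.\-:]+);/

class EntityCycle < StandardError; end

# Map entity name -> replacement text (first declaration wins, as in XML).
def entity_table(xml)
  xml.scan(ENTITY_DECL).each_with_object({}) do |(name, dq, sq), table|
    table[name] ||= (dq || sq)
  end
end

# Fully expanded byte size of one entity, computed arithmetically (memoized),
# so the guard itself never builds the expanded string.
def expanded_size(name, table, memo = {}, stack = [])
  return memo[name] if memo.key?(name)
  raise EntityCycle, name if stack.include?(name)
  value = table[name]
  return 1 if value.nil? # not declared here (e.g. &amp;): count as one byte
  literal = value.gsub(ENTITY_REF, '').bytesize
  nested = value.scan(ENTITY_REF).flatten.sum do |ref|
    expanded_size(ref, table, memo, stack + [name])
  end
  memo[name] = literal + nested
end

# True when no declared entity would expand beyond max_bytes (assumed cap).
def entity_expansion_ok?(xml, max_bytes: 10_000)
  table = entity_table(xml)
  memo = {}
  table.keys.all? { |n| expanded_size(n, table, memo) <= max_bytes }
rescue EntityCycle
  false # self-referencing entities are rejected outright
end

# Constructed sample: five entities, each repeating the previous one 10 times.
names = %w[a b c d e]
decls = names.each_with_index.map do |n, i|
  body = i.zero? ? 'x' * 10 : "&#{names[i - 1]};" * 10
  %(<!ENTITY #{n} "#{body}">)
end
NESTED = %(<?xml version="1.0"?><!DOCTYPE r [#{decls.join}]><r>&e;</r>)
PLAIN  = %(<?xml version="1.0"?><!DOCTYPE r [<!ENTITY co "Example Corp">]><r>&co;</r>)

puts entity_expansion_ok?(NESTED) # false
puts entity_expansion_ok?(PLAIN)  # true
```

Run the check on untrusted XML before handing it to the parser; a document that fails it should be rejected rather than parsed.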

Priority

Low

Status

Package    Release     Status
ruby1.8    Upstream    Released (1.8.7.72-1)
ruby1.9    Upstream    Released (1.9.0.2-7)