Your submission was sent successfully! Close

CVE-2013-1821

Published: 07 March 2013

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

Priority

Medium

Status

Package Release Status
ruby1.8
Launchpad, Ubuntu, Debian
Upstream
Released (1.8.7.358-7)
ruby1.9.1
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.3 patchlevel 392,1.9.3.194-8.1)
Patches:
Upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384