First published: Wed Aug 27 2008(Updated: )
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ruby-lang Ruby | =1.8.6 | |
Ruby-lang Ruby | =1.8.6-p110 | |
Ruby-lang Ruby | =1.8.6-p111 | |
Ruby-lang Ruby | =1.8.6-p114 | |
Ruby-lang Ruby | =1.8.6-p230 | |
Ruby-lang Ruby | =1.8.6-p286 | |
Ruby-lang Ruby | =1.8.6-p287 | |
Ruby-lang Ruby | =1.8.6-p36 | |
Ruby-lang Ruby | =1.8.6-preview1 | |
Ruby-lang Ruby | =1.8.6-preview2 | |
Ruby-lang Ruby | =1.8.6-preview3 | |
Ruby-lang Ruby | =1.8.7 | |
Ruby-lang Ruby | =1.8.7-p17 | |
Ruby-lang Ruby | =1.8.7-p22 | |
Ruby-lang Ruby | =1.8.7-p71 | |
Ruby-lang Ruby | =1.8.7-p72 | |
Ruby-lang Ruby | =1.8.7-preview1 | |
Ruby-lang Ruby | =1.8.7-preview2 | |
Ruby-lang Ruby | =1.8.7-preview3 | |
Ruby-lang Ruby | =1.8.7-preview4 | |
Ruby-lang Ruby | =1.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.