Vulnerability Database

CVE-2013-1821

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

CVSS v2:

  • Severity: Medium
  • Score: 5
  • Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Software           From        Fixed in
ruby-lang / ruby   1.9.3-p286  1.9.3-p286.x
ruby-lang / ruby   1.9.3-p383  1.9.3-p383.x
ruby-lang / ruby   1.9.2       1.9.2.x
ruby-lang / ruby   1.9.1       1.9.1.x
ruby-lang / ruby   1.9.3-p125  1.9.3-p125.x
ruby-lang / ruby   1.9.3-p194  1.9.3-p194.x
ruby-lang / ruby   1.9.3       1.9.3.x
ruby-lang / ruby   1.9         1.9.x
ruby-lang / ruby   1.9.3-p0    1.9.3-p0.x
ruby-lang / ruby   -           1.9.3.x
ruby-lang / ruby   2.0.0       2.0.0.x
ruby-lang / ruby   2.0         2.0.x
ruby-lang / ruby   2.0.0-rc1   2.0.0-rc1.x
ruby-lang / ruby   2.0.0-rc2   2.0.0-rc2.x
org.jruby / jruby  -           1.7.3