5

CVE-2008-3790

Exploit

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."

Data is provided by the National Vulnerability Database (NVD)
Ruby-langRuby Version1.8.6
Ruby-langRuby Version1.8.6 Updatep110
Ruby-langRuby Version1.8.6 Updatep111
Ruby-langRuby Version1.8.6 Updatep114
Ruby-langRuby Version1.8.6 Updatep230
Ruby-langRuby Version1.8.6 Updatep286
Ruby-langRuby Version1.8.6 Updatep287
Ruby-langRuby Version1.8.6 Updatep36
Ruby-langRuby Version1.8.6 Updatepreview1
Ruby-langRuby Version1.8.6 Updatepreview2
Ruby-langRuby Version1.8.6 Updatepreview3
Ruby-langRuby Version1.8.7
Ruby-langRuby Version1.8.7 Updatep17
Ruby-langRuby Version1.8.7 Updatep22
Ruby-langRuby Version1.8.7 Updatep71
Ruby-langRuby Version1.8.7 Updatep72
Ruby-langRuby Version1.8.7 Updatepreview1
Ruby-langRuby Version1.8.7 Updatepreview2
Ruby-langRuby Version1.8.7 Updatepreview3
Ruby-langRuby Version1.8.7 Updatepreview4
Ruby-langRuby Version1.9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 28.09% 0.963
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.