5

CVE-2013-1821

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ruby-langRuby Updatep385 Version <= 1.9.3
Ruby-langRuby Version1.9
Ruby-langRuby Version1.9.1
Ruby-langRuby Version1.9.2
Ruby-langRuby Version1.9.3
Ruby-langRuby Version1.9.3 Updatep0
Ruby-langRuby Version1.9.3 Updatep125
Ruby-langRuby Version1.9.3 Updatep194
Ruby-langRuby Version1.9.3 Updatep286
Ruby-langRuby Version1.9.3 Updatep383
Ruby-langRuby Version2.0
Ruby-langRuby Version2.0.0
Ruby-langRuby Version2.0.0 Updaterc1
Ruby-langRuby Version2.0.0 Updaterc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.67% 0.931
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2013-1147.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
http://rhn.redhat.com/errata/RHSA-2013-1028.html
http://secunia.com/advisories/52902
Vendor Advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html
http://rhn.redhat.com/errata/RHSA-2013-0611.html
http://rhn.redhat.com/errata/RHSA-2013-0612.html
http://secunia.com/advisories/52783
Vendor Advisory
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384
http://www.debian.org/security/2013/dsa-2738
http://www.debian.org/security/2013/dsa-2809
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
http://www.openwall.com/lists/oss-security/2013/03/06/5
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
Vendor Advisory
http://www.securityfocus.com/bid/58141
http://www.ubuntu.com/usn/USN-1780-1
https://bugzilla.redhat.com/show_bug.cgi?id=914716
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092