CVE-2013-1821

EPSS 19.83%
Published 09.04.2013 21:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

Affected products Warnungen 0 Metrics 2 CWE 1 References 26

Data is provided by the National Vulnerability Database (NVD)

Ruby-lang ≫ Ruby Updatep385 Version <= 1.9.3

Ruby-lang ≫ Ruby Version1.9

Ruby-lang ≫ Ruby Version1.9.1

Ruby-lang ≫ Ruby Version1.9.2

Ruby-lang ≫ Ruby Version1.9.3

Ruby-lang ≫ Ruby Version1.9.3 Updatep0

Ruby-lang ≫ Ruby Version1.9.3 Updatep125

Ruby-lang ≫ Ruby Version1.9.3 Updatep194

Ruby-lang ≫ Ruby Version1.9.3 Updatep286

Ruby-lang ≫ Ruby Version1.9.3 Updatep383

Ruby-lang ≫ Ruby Version2.0

Ruby-lang ≫ Ruby Version2.0.0

Ruby-lang ≫ Ruby Version2.0.0 Updaterc1

Ruby-lang ≫ Ruby Version2.0.0 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	19.83%	0.952

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2013-1147.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html

http://rhn.redhat.com/errata/RHSA-2013-1028.html

http://secunia.com/advisories/52902

Vendor Advisory

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525

http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html

http://rhn.redhat.com/errata/RHSA-2013-0611.html

http://rhn.redhat.com/errata/RHSA-2013-0612.html