Sha256: bc3e193b6f46d748255a2df61aace1b9516ffee2b446800a2b4509557a70e21a

Contents?: true

Size: 660 Bytes

Versions: 6

Compression:

Stored size: 660 Bytes

Contents

---
engine: ruby
cve: 2014-8080
osvdb: 113747
url: http://www.osvdb.org/show/osvdb/113747
title: Ruby lib/rexml/entity.rb XML External Entity (XXE) Expansion Remote DoS
date: 2014-10-27
description: |
  Ruby contains an XXE (Xml eXternal Entity) injection flaw in
  lib/rexml/entity.rb that is triggered during the parsing of XML data. The
  issue is due to an incorrectly configured XML parser accepting XML external
  entities from an untrusted source. By sending specially crafted XML data, a
  remote attacker can consume all available memory and cause a denial of
  service.
cvss_v2: 5.0
patched_versions:
  - ~> 1.9.3.550
  - ~> 2.0.0.594
  - ">= 2.1.4"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/ruby/CVE-2014-8080.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/ruby/OSVDB-113747.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/ruby/OSVDB-113747.yml
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/ruby/OSVDB-113747.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/ruby/OSVDB-113747.yml
bundler-audit-0.5.0 data/ruby-advisory-db/rubies/ruby/OSVDB-113747.yml