---
gem: nokogiri
platform: jruby
cve: 2013-6460
osvdb: 101179
url: http://osvdb.org/show/osvdb/101179
title: |
  Nokogiri Gem for JRuby Crafted XML Document Handling Infinite Loop Remote DoS
date: 2013-12-14
description: |
  Nokogiri Gem for JRuby contains a flaw that may allow a remote denial of
  service. The issue is triggered when handling a specially crafted XML
  document, which can result in an infinite loop. This may allow a
  context-dependent attacker to crash the server.
cvss_v2: 4.3
patched_versions: 
  - "~> 1.5.11"
  - ">= 1.6.1"