---
engine: ruby
cve: 2013-1821
osvdb: 90587
url: http://www.osvdb.org/show/osvdb/90587
title: Ruby REXML Library Crafted XML File Text Node Handling DoS
date: 2013-02-22
description: |
  Ruby contains a flaw in the REXML library that may allow a denial of
  service. The issue is triggered when handling a file text node in a specially crafted
  XML file. This may allow a context-dependent attacker to cause a consumption of
  memory resources and crash the program.
cvss_v2: 5.0
patched_versions:
  - ~> 1.9.3.392
  - ">= 2.0.0.0"