Sha256: e933f21017099c8446851bd4884100800791c9baa08fc1efbb06922b55b1f6ed

Contents?: true

Size: 779 Bytes

Versions: 6

Compression:

Stored size: 779 Bytes

Contents

---
engine: ruby
cve: 2014-8090
osvdb: 114641
url: http://www.osvdb.org/show/osvdb/114641
title: |
  Ruby lib/rexml/entity.rb NULL String Handling Recursive XML External Entity
  (XXE) Expansion Resource Consumption Remote DoS
date: 2014-11-13
description: |
  Ruby contains an XXE (Xml eXternal Entity) injection flaw in the
  lib/rexml/entity.rb that is triggered during the parsing of XML data when
  handling recursive expansions in NULL strings. The issue is due to an
  incorrectly configured XML parser accepting XML external entities from an
  untrusted source. By sending specially crafted XML data, a remote attacker
  can cause a consumption of system resources and a denial of service.
cvss_v2: 5.0
patched_versions:
  - ~> 1.9.3.551
  - ~> 2.0.0.598
  - ">= 2.1.5"

Version data entries

6 entries across 6 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/rubies/ruby/CVE-2014-8090.yml
bundler-budit-0.6.2    data/ruby-advisory-db/rubies/ruby/OSVDB-114641.yml
bundler-budit-0.6.1    data/ruby-advisory-db/rubies/ruby/OSVDB-114641.yml
bundler-audit-0.6.1    data/ruby-advisory-db/rubies/ruby/OSVDB-114641.yml
bundler-audit-0.6.0    data/ruby-advisory-db/rubies/ruby/OSVDB-114641.yml
bundler-audit-0.5.0    data/ruby-advisory-db/rubies/ruby/OSVDB-114641.yml