CVE-2013-1821

CVSS v2.0 5 (Medium)

EPSS 19.63 % (96^th)

Affected Products 1

Advisories 11

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

Weaknesses

CWE-20: Improper Input Validation

Related CVEs

CVE-2014-8090

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2013-04-09 21:55:01
(11 years ago)
Updated Date: 2016-12-08 03:03:10
(7 years ago)

Affected Products

Ruby-lang

Ruby

Configuration #1

	CPE23	Up To
Ruby-lang Ruby P385 1.9.3 and prior versions	cpe:2.3:a:ruby-lang:ruby::p385	<= 1.9.3
Ruby-lang Ruby 1.9	cpe:2.3:a:ruby-lang:ruby:1.9
Ruby-lang Ruby 1.9.1	cpe:2.3:a:ruby-lang:ruby:1.9.1
Ruby-lang Ruby 1.9.2	cpe:2.3:a:ruby-lang:ruby:1.9.2
Ruby-lang Ruby 1.9.3	cpe:2.3:a:ruby-lang:ruby:1.9.3
Ruby-lang Ruby 1.9.3 P0	cpe:2.3:a:ruby-lang:ruby:1.9.3:p0
Ruby-lang Ruby 1.9.3 P125	cpe:2.3:a:ruby-lang:ruby:1.9.3:p125
Ruby-lang Ruby 1.9.3 P194	cpe:2.3:a:ruby-lang:ruby:1.9.3:p194
Ruby-lang Ruby 1.9.3 P286	cpe:2.3:a:ruby-lang:ruby:1.9.3:p286
Ruby-lang Ruby 1.9.3 P383	cpe:2.3:a:ruby-lang:ruby:1.9.3:p383

Configuration #2

		CPE23	From	Up To
	Ruby-lang Ruby 2.0	cpe:2.3:a:ruby-lang:ruby:2.0
	Ruby-lang Ruby 2.0.0	cpe:2.3:a:ruby-lang:ruby:2.0.0
	Ruby-lang Ruby 2.0.0 Rc1	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
	Ruby-lang Ruby 2.0.0 Rc2	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2