1. Home
  2. Vulnerabilities
  3. CVE-2014-8090

CVE-2014-8090

CVSS v2.0 5 (Medium)
50% Progress
EPSS 13.02 % (96th)
13.02% Progress
Affected Products 1
Advisories 11
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.

Weaknesses
CWE-NVD-Other
Related CVEs
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2014-11-21 15:59:04
(9 years ago)
Updated Date
2017-01-03 02:59:17
(7 years ago)

Affected Products

Ruby-lang

Configuration #1

    CPE23 From Up To
  Ruby-lang Ruby P550 1.9.3 and prior versions cpe:2.3:a:ruby-lang:ruby::p550 <= 1.9.3
  Ruby-lang Ruby 1.9.3 cpe:2.3:a:ruby-lang:ruby:1.9.3
  Ruby-lang Ruby 1.9.3 P0 cpe:2.3:a:ruby-lang:ruby:1.9.3:p0
  Ruby-lang Ruby 1.9.3 P125 cpe:2.3:a:ruby-lang:ruby:1.9.3:p125
  Ruby-lang Ruby 1.9.3 P194 cpe:2.3:a:ruby-lang:ruby:1.9.3:p194
  Ruby-lang Ruby 1.9.3 P286 cpe:2.3:a:ruby-lang:ruby:1.9.3:p286
  Ruby-lang Ruby 1.9.3 P383 cpe:2.3:a:ruby-lang:ruby:1.9.3:p383
  Ruby-lang Ruby 1.9.3 P385 cpe:2.3:a:ruby-lang:ruby:1.9.3:p385
  Ruby-lang Ruby 1.9.3 P392 cpe:2.3:a:ruby-lang:ruby:1.9.3:p392
  Ruby-lang Ruby 1.9.3 P426 cpe:2.3:a:ruby-lang:ruby:1.9.3:p426
  Ruby-lang Ruby 1.9.3 P429 cpe:2.3:a:ruby-lang:ruby:1.9.3:p429
  Ruby-lang Ruby 1.9.3 P448 cpe:2.3:a:ruby-lang:ruby:1.9.3:p448
  Ruby-lang Ruby 1.9.3 P545 cpe:2.3:a:ruby-lang:ruby:1.9.3:p545
  Ruby-lang Ruby 1.9.3 P547 cpe:2.3:a:ruby-lang:ruby:1.9.3:p547
  Ruby-lang Ruby 2.0.0 cpe:2.3:a:ruby-lang:ruby:2.0.0
  Ruby-lang Ruby 2.0.0 P0 cpe:2.3:a:ruby-lang:ruby:2.0.0:p0
  Ruby-lang Ruby 2.0.0 P195 cpe:2.3:a:ruby-lang:ruby:2.0.0:p195
  Ruby-lang Ruby 2.0.0 P247 cpe:2.3:a:ruby-lang:ruby:2.0.0:p247
  Ruby-lang Ruby 2.0.0 P451 cpe:2.3:a:ruby-lang:ruby:2.0.0:p451
  Ruby-lang Ruby 2.0.0 P481 cpe:2.3:a:ruby-lang:ruby:2.0.0:p481
  Ruby-lang Ruby 2.0.0 P576 cpe:2.3:a:ruby-lang:ruby:2.0.0:p576
  Ruby-lang Ruby 2.0.0 P594 cpe:2.3:a:ruby-lang:ruby:2.0.0:p594
  Ruby-lang Ruby 2.1.1 cpe:2.3:a:ruby-lang:ruby:2.1.1
  Ruby-lang Ruby 2.1.2 cpe:2.3:a:ruby-lang:ruby:2.1.2
  Ruby-lang Ruby 2.1.3 cpe:2.3:a:ruby-lang:ruby:2.1.3
  Ruby-lang Ruby 2.1.4 cpe:2.3:a:ruby-lang:ruby:2.1.4