5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.154 Low
EPSS
Percentile
95.3%
CPU exhaustion can occur as a result of recursive expansion with an
empty string. When reading text nodes from an XML document, the REXML
parser can be coerced into allocating extremely large string objects
which can consume all of the memory on a machine, causing a denial of
service.