CVE-2013-6461

🗓️ 05 Nov 2019 14:07:42Reported by redhatType

Nokogiri gem 1.5.x and 1.6.x DoS while parsing XML entities by failing to apply limit

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2013-6461	4 Feb 202408:37	–	circl
Cvelist	CVE-2013-6461	5 Nov 201914:07	–	cvelist
Debian CVE	CVE-2013-6461	5 Nov 201914:07	–	debiancve
EUVD	EUVD-2022-4399	3 Oct 202520:07	–	euvd
Github Security Blog	Nokogiri vulnerable to DoS while parsing XML entities	5 May 202200:29	–	github
NVD	CVE-2013-6461	5 Nov 201915:15	–	nvd
OSV	GHSA-JMHH-W7XP-WG39 Nokogiri vulnerable to DoS while parsing XML entities	5 May 202200:29	–	osv
Prion	Code injection	5 Nov 201915:15	–	prion
RubySec	CVE-2013-6461 rubygem-nokogiri: DoS while parsing XML entities	14 Dec 201300:00	–	rubygems
SUSE CVE	SUSE CVE-2013-6461	15 Feb 202305:34	–	susecve

NVD

Vulners

Node

nokogiri nokogiriRange1.5.0–1.5.11

nokogiri nokogiriRange1.6.0–1.6.1

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

redhat cloudforms_management_engineMatch5.0

redhat openstackMatch3.0

redhat openstackMatch4.0

redhat satelliteMatch6.0

redhat subscription_asset_managerMatch-

redhat enterprise_mrgMatch2.0

[
  {
    "product": "Nokogiri gem",
    "vendor": "Ruby",
    "versions": [
      {
        "status": "affected",
        "version": "1.5.x"
      },
      {
        "status": "affected",
        "version": "1.6.x"
      }
    ]
  }
]

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/90059
securityfocus	www.securityfocus.com/bid/64513
openwall	www.openwall.com/lists/oss-security/2013/12/27/2
security-tracker	www.security-tracker.debian.org/tracker/CVE-2013-6461
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/cve-2013-6461

21 Nov 2024 01:59Current

6.4Medium risk

Vulners AI Score6.4

CVSS 24.3

CVSS 3.16.5

EPSS0.02046

CWE-776