Lucene search
RubySecRUBY:RUBY-2014-8090-114641HistoryNov 12, 2014 - 9:00 p.m.
CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080
2014-11-1221:00:00
RubySec
rubysec.com
11
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551,
2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows
remote attackers to cause a denial of service (CPU and memory
consumption) a crafted XML document containing an empty string
in an entity that is used in a large number of nested entity
references, aka an XML Entity Expansion (XEE) attack.
NOTE: this vulnerability exists because of an incomplete
fix for CVE-2013-1821 and CVE-2014-8080.
Related
cve
cve
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2014-11-21 15:59:00
Design/Logic Flaw
2014-11-03 16:55:00
Design/Logic Flaw
2013-04-09 21:55:00
nessus
nessus
Oracle Linux 6 : ruby193-ruby (ELSA-2014-1913)
2023-09-07 00:00:00
EulerOS Virtualization 2.5.1 : ruby (EulerOS-SA-2018-1374)
2018-11-21 00:00:00
Amazon Linux AMI : ruby21 (ALAS-2014-449)
2014-11-18 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1374)
2020-01-23 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-447)
2015-09-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0093-1)
2021-04-19 00:00:00
debian
debian
[SECURITY] [DSA 3159-1] ruby1.8 security update
2015-02-10 17:49:21
[SECURITY] [DSA 3157-1] ruby1.9.1 security update
2015-02-09 17:10:22
[SECURITY] [DLA 200-1] ruby1.9.1 security update
2015-04-15 18:17:59
centos
centos
ruby security update
2014-12-01 12:57:41
ruby, rubygem, rubygems security update
2014-12-01 13:45:48
ruby security update
2013-03-08 00:25:53
redhat
redhat
(RHSA-2014:1911) Moderate: ruby security update
2014-11-26 00:00:00
(RHSA-2014:1914) Moderate: ruby200-ruby security update
2014-11-26 00:00:00
(RHSA-2014:1912) Moderate: ruby security update
2014-11-26 00:00:00
oraclelinux
oraclelinux
ruby security update
2014-11-26 00:00:00
ruby security update
2014-11-26 00:00:00
ruby193-ruby security update
2016-02-04 00:00:00
amazon
amazon
osv
osv
ruby1.8 - security update
2015-02-10 00:00:00
ruby1.9.1 - security update
2015-04-15 00:00:00
ruby1.9.1 - security update
2015-02-09 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerabilities
2014-11-21 15:44:16
Updated ruby packages fix CVE-2014-8080
2014-11-14 03:57:44
securityvulns
securityvulns
Ruby DoS
2014-11-24 00:00:00
[USN-2412-1] Ruby vulnerability
2014-11-24 00:00:00
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
2015-10-05 00:00:00
archlinux
archlinux
ruby: denial of service
2014-11-17 00:00:00
veracode
veracode
XML Entity Expansion (XEE)
2019-05-02 05:05:32
XML Entity Expansion (XEE)
2019-01-15 09:03:29
Denial Of Service (DoS)
2019-01-15 08:59:34
ubuntu
ubuntu
Ruby vulnerability
2014-11-20 00:00:00
Ruby vulnerability
2013-03-25 00:00:00
Ruby vulnerabilities
2014-11-04 00:00:00
github
github
Ruby vulnerable to denial of service
2022-05-17 03:23:26
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
rubygems
rubygems
CVE-2013-1821 ruby: entity expansion DoS vulnerability in REXML
2013-02-21 20:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: ruby-2.1.4-24.fc21
2014-11-10 06:32:27
slackware
slackware
ruby
2013-03-16 01:11:53
Related for RUBY:RUBY-2014-8090-114641