XML Entity Expansion (XEE)
ruby is vulnerable to XML Entity Expansion XEE attacks. The vulnerability exists as the REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Enti...