5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.236 Low
EPSS
Percentile
96.5%
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows
remote attackers to cause a denial of service (memory consumption and
crash) via crafted text nodes in an XML document, aka an XML Entity
Expansion (XEE) attack.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | ruby1.8 | < 1.8.7.249-2ubuntu0.3 | UNKNOWN |
ubuntu | 11.10 | noarch | ruby1.8 | < 1.8.7.352-2ubuntu0.3 | UNKNOWN |
ubuntu | 12.04 | noarch | ruby1.8 | < 1.8.7.352-2ubuntu1.2 | UNKNOWN |
ubuntu | 12.10 | noarch | ruby1.8 | < 1.8.7.358-4ubuntu0.2 | UNKNOWN |
ubuntu | 12.04 | noarch | ruby1.9.1 | < 1.9.3.0-1ubuntu2.6 | UNKNOWN |
ubuntu | 12.10 | noarch | ruby1.9.1 | < 1.9.3.194-1ubuntu1.4 | UNKNOWN |
ubuntu | 13.04 | noarch | ruby1.9.1 | < 1.9.3.194-8.1ubuntu1 | UNKNOWN |
ubuntu | 13.10 | noarch | ruby1.9.1 | < 1.9.3.194-8.1ubuntu1 | UNKNOWN |