CVE-2013-1821
Ruby < 1.9.3-p392 - Denial of Service via XML Entity Expansion
Title source: llmDescription
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
References (23)
Core 23
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0612.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1028.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0611.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1147.html
Vendor Advisory vendor-advisory
x_refsource_slackware
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
Issue Tracking x_refsource_misc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/52783
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2738
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html
Various Sources x_refsource_confirm
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1780-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/58141
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/52902
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/03/06/5
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=914716
Vendor Advisory x_refsource_confirm
http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2809
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
Scores
EPSS
0.0667
EPSS Percentile
93.1%
Details
CWE
CWE-20
Status
published
Products (8)
org.jruby/jruby
0 - 1.7.3Maven
ruby-lang/ruby
1.9
ruby-lang/ruby
1.9.1
ruby-lang/ruby
1.9.2
ruby-lang/ruby
1.9.3 (6 CPE variants)
ruby-lang/ruby
2.0
ruby-lang/ruby
2.0.0 (3 CPE variants)
ruby-lang/ruby
< 1.9.3
Published
Apr 09, 2013
Tracked Since
Feb 18, 2026