CVE-2013-6461

MEDIUM

Nokogiri < 1.5.11 - XML Entity Expansion

Title source: rule
STIX 2.1

Description

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

References (6)

Scores

CVSS v3 6.5
EPSS 0.0205
EPSS Percentile 83.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-776
Status published
Products (11)
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
nokogiri/nokogiri 1.5.0 - 1.5.11
redhat/cloudforms_management_engine 5.0
redhat/enterprise_mrg 2.0
redhat/openstack 3.0
redhat/openstack 4.0
redhat/satellite 6.0
redhat/subscription_asset_manager
... and 1 more
Published Nov 05, 2019
Tracked Since Feb 18, 2026