Ruby · Ruby On Rails · CVE-2015-3227
**Name of the Vulnerable Software and Affected Versions**
Ruby on Rails versions prior to 4.1.11
Ruby on Rails versions 4.2.x prior to 4.2.2
**Description**
The issue allows a remote attacker to cause a denial of service (a `SystemStackError` raised from the recursive XML-to-hash conversion) by submitting an XML document with very deep element nesting, when the JDOM or REXML backend (`jdom.rb` and `rexml.rb` in Active Support) is used to parse request bodies.
**Recommendations**
For Ruby on Rails versions prior to 4.1.11, update to version 4.1.11 or later.
For Ruby on Rails versions 4.2.x prior to 4.2.2, update to version 4.2.2 or later.
As a temporary workaround, consider disabling the JDOM or REXML components until a patch is available.