PT-2019-6997 · Ruby · Nokogiri

Published 2019-11-05 · Updated 2022-05-05 · CVE-2013-6461

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Nokogiri gem versions 1.5.x through 1.6.x

Description

A denial of service (DoS) can occur when parsing XML entities because limits are not applied.

Recommendations

For versions 1.5.x through 1.6.x, update to a version that applies the necessary limits when parsing XML entities to prevent DoS.

Exploit

Fix

XML Entity Expansion

Weakness Enumeration

Related Identifiers

CVE-2013-6461
GHSA-JMHH-W7XP-WG39

Affected Products

Nokogiri