The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails prior to 4.1.11 and 4.2.x prior to 4.2.2, when JDOM or REXML is enabled, allow remote malicious users to cause a denial of service (SystemStackError) via a large XML document depth.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 13.2 |
||
opensuse opensuse 13.1 |
||
rubyonrails rails 4.1.6 |
||
rubyonrails rails 4.1.5 |
||
rubyonrails rails 4.1.4 |
||
rubyonrails rails 4.1.3 |
||
rubyonrails rails 4.1.8 |
||
rubyonrails rails 4.1.7 |
||
rubyonrails rails 4.2.0 |
||
rubyonrails rails 4.2.1 |
||
rubyonrails rails 4.1.2 |
||
rubyonrails rails 4.1.1 |
||
rubyonrails rails 4.1.0 |