MEDIUM 6.5
GHSA-62qp-3fxm-9wxf
Nokogiri vulnerable to DoS while parsing XML documents
Details
The Nokogiri gem has a denial-of-service vulnerability: parsing XML documents can trigger an infinite loop.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2013-6460 [ADVISORY]
- https://access.redhat.com/security/cve/cve-2013-6460 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460 [WEB]
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460 [WEB]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90058 [WEB]
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml [WEB]
- https://github.com/sparklemotion/nokogiri [PACKAGE]
- https://security-tracker.debian.org/tracker/CVE-2013-6460 [WEB]
- https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513 [WEB]
- http://www.openwall.com/lists/oss-security/2013/12/27/2 [WEB]