MEDIUM 6.5
GHSA-jmhh-w7xp-wg39
Nokogiri vulnerable to DoS while parsing XML entities
Details
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2013-6461 [ADVISORY]
- https://access.redhat.com/security/cve/cve-2013-6461 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461 [WEB]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90059 [WEB]
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6461.yml [WEB]
- https://github.com/sparklemotion/nokogiri [PACKAGE]
- https://security-tracker.debian.org/tracker/CVE-2013-6461 [WEB]
- https://web.archive.org/web/20200804224345/https://www.securityfocus.com/bid/64513 [WEB]
- http://www.openwall.com/lists/oss-security/2013/12/27/2 [WEB]