Description
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
Remediation
References