Description
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
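A pre-parse check for the nested-entity pattern described above, as an added example (not part of the original advisory or of REXML): it computes how large each internal entity would become, arithmetically, without expanding anything. The function names, the 10 KiB default limit and the sample document are assumptions made for illustration; parameter entities and external (SYSTEM) entities are not handled.

```ruby
# Added example: size internal general entities before handing XML to a parser.
ENTITY_DECL = /<!ENTITY\s+([\w.\-:]+)\s+(?:"([^"]*)"|'([^']*)')\s*>/
ENTITY_REF  = /&([\w.\-:]+);/

# Constructed sample: three nesting levels, each referencing the previous 10x.
SAMPLE = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE doc [
    <!ENTITY a "xxxxxxxxxx">
    <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
    <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
  ]>
  <doc>&c;</doc>
XML

# Returns { name => replacement text } for the declarations in the document.
def declared_entities(xml)
  xml.scan(ENTITY_DECL).each_with_object({}) do |(name, dq, sq), h|
    h[name] ||= (dq || sq) # XML: the first declaration of a name is binding
  end
end

# Fully expanded length of one entity, memoized so the cost stays linear in
# the number of declarations. Raises on a reference cycle.
def expanded_size(name, entities, memo = {}, stack = [])
  return memo[name] if memo.key?(name)
  raise ArgumentError, "recursive entity: #{name}" if stack.include?(name)
  value = entities[name]
  return 1 if value.nil? # undeclared or predefined (&amp; etc.): count one char
  literal = value.gsub(ENTITY_REF, "").length
  refs = value.scan(ENTITY_REF).flatten
  memo[name] = literal + refs.sum { |r| expanded_size(r, entities, memo, stack + [name]) }
end

# Largest output a single entity reference in this document could produce.
def max_expansion(xml)
  entities = declared_entities(xml)
  memo = {}
  entities.keys.map { |n| expanded_size(n, entities, memo) }.max || 0
end

# True when no entity expands beyond `limit` characters and none is cyclic.
def safe_to_parse?(xml, limit = 10_240)
  max_expansion(xml) <= limit
rescue ArgumentError
  false
end
```

Each added nesting level multiplies the expanded size by the number of references per level, which is why the check sizes entities by arithmetic instead of by expansion.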
Remediation
References