Description
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Remediation
References