Description

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.

Remediation

References

CVE-2015-3227

Related Vulnerabilities

XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2022-41931)

WordPress Plugin ImportWP-Import any XML or CSV File into WordPress Security Bypass (1.1.5)

Moodle Improper Input Validation Vulnerability (CVE-2019-10134)

WordPress Plugin WordPress Backend Customizer-Everest Admin Theme Lite includes Backdoor [Only if downloaded via the vendor website] (1.0.7)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23130)

Severity

Medium

Classification

CVE-2015-3227

Tags

Missing Update Known Vulnerabilities