Description

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.

Remediation

References

CVE-2015-3227

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2963)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Multiple Cross-Site Scripting Vulnerabilities (2.9.21)

WordPress Plugin Optimize images ALT Text (alt tag) & names for SEO using AI Cross-Site Request Forgery (2.0.7)

WebLogic Other Vulnerability (CVE-2022-24891)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5297)

Severity

Medium

Classification

CVE-2015-3227

Tags

Missing Update Known Vulnerabilities