Description
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
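A pre-parse depth gate for the condition described above, as an added example that is neither Rails code nor the upstream fix: it counts element nesting with REXML's event-based pull parser and rejects over-deep documents before any recursive conversion runs. `MAX_XML_DEPTH`, `checked_xml_depth` and `safe_to_parse?` are hypothetical names, the limit of 100 is an assumed value, and the sample documents are constructed.

```ruby
require "rexml/parsers/pullparser"

# Assumed ceiling for this example; pick one that fits your legitimate payloads.
MAX_XML_DEPTH = 100

class XmlTooDeepError < StandardError; end

# Walks the document with REXML's pull parser, which emits events in a loop
# instead of recursing per element, so the check itself cannot exhaust the
# Ruby stack. Returns the deepest nesting level seen, or raises
# XmlTooDeepError as soon as the limit is exceeded.
def checked_xml_depth(xml, limit: MAX_XML_DEPTH)
  parser = REXML::Parsers::PullParser.new(xml)
  depth = 0
  deepest = 0
  while parser.has_next?
    event = parser.pull
    if event.start_element?
      depth += 1
      raise XmlTooDeepError, "XML nesting exceeds #{limit} levels" if depth > limit
      deepest = depth if depth > deepest
    elsif event.end_element?
      depth -= 1
    end
  end
  deepest
end

# Gate for request handling: true only when the body is well formed and
# within the depth budget, so a recursive tree-to-Hash step never sees
# hostile nesting.
def safe_to_parse?(xml, limit: MAX_XML_DEPTH)
  checked_xml_depth(xml, limit: limit)
  true
rescue XmlTooDeepError, REXML::ParseException
  false
end

# Constructed sample inputs (not taken from any real request).
SHALLOW = "<order><item id='1'><sku>A-1</sku></item><note/></order>"
DEEP    = ("<a>" * 50_000) + ("</a>" * 50_000)

if __FILE__ == $PROGRAM_NAME
  puts "shallow depth:  #{checked_xml_depth(SHALLOW)}"
  puts "deep accepted?  #{safe_to_parse?(DEEP)}"
end
```

The gate stops reading at the first element past the limit, so rejecting an over-deep body costs only as many parser events as the limit allows.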
Remediation
References