Description

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.

Remediation

References

CVE-2015-3227

Related Vulnerabilities

WordPress Plugin Permalink Manager Lite Unspecified Vulnerability (2.2.13.1)

MySQL CVE-2016-5612 Vulnerability (CVE-2016-5612)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Multiple Vulnerabilities (2.0.45)

WordPress Plugin Popups, Welcome Bar, Optins and Lead Generation-Icegram Cross-Site Request Forgery (1.9.18)

MySQL NULL Pointer Dereference Vulnerability (CVE-2020-1971)

Severity

Medium

Classification

CVE-2015-3227

Tags

Missing Update Known Vulnerabilities