Description
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2005-3388)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3818)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-6727)
WordPress Plugin WP Keyword Link Multiple Cross-Site Scripting Vulnerabilities (1.7)