Description
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
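One way to reject over-deep documents before they reach a recursive XML-to-Hash conversion, shown as an added example (not code from Rails or from this advisory). The names `DepthGuard` and `xml_depth_ok?`, the limit of 100 and the sample documents are assumptions made for the example.

```ruby
require "rexml/document"
require "rexml/streamlistener"

# Counts element nesting with REXML's event-driven stream parser, which does
# not recurse per element, so measuring depth cannot itself exhaust the stack.
class DepthGuard
  include REXML::StreamListener

  class TooDeep < StandardError; end

  def initialize(limit)
    @limit = limit
    @depth = 0
  end

  def tag_start(_name, _attrs)
    @depth += 1
    raise TooDeep, "nesting exceeds #{@limit} levels" if @depth > @limit
  end

  def tag_end(_name)
    @depth -= 1
  end
end

# Returns true when the document nests no deeper than `limit` elements,
# false when it does. Malformed XML still raises REXML::ParseException.
def xml_depth_ok?(xml, limit)
  REXML::Document.parse_stream(xml, DepthGuard.new(limit))
  true
rescue DepthGuard::TooDeep
  false
rescue REXML::ParseException => e
  # Some parser paths wrap listener errors; unwrap ours, re-raise the rest.
  raise unless e.continued_exception.is_a?(DepthGuard::TooDeep)
  false
end

# Constructed sample inputs: a shallow document and one nested 5000 levels.
shallow = "<order><item><sku>42</sku></item></order>"
deep    = "<a>" * 5000 + "</a>" * 5000

puts xml_depth_ok?(shallow, 100) # true
puts xml_depth_ok?(deep, 100)    # false
```

The check stops at the first element past the limit, so the cost of rejecting a hostile document is bounded by the limit rather than by the document's size.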