Description
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
Remediation
References
Related Vulnerabilities
WordPress Plugin Companion Auto Update Cross-Site Scripting (2.9.3)
PostgreSQL Other Vulnerability (CVE-2002-0972)
Collabtive Improper Input Validation Vulnerability (CVE-2012-2670)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.28)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42127)