Description

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

Remediation

References

CVE-2014-8080

Related Vulnerabilities

MySQL CVE-2017-10296 Vulnerability (CVE-2017-10296)

WordPress Plugin Contact Form Manager Multiple Vulnerabilities (1.4.4)

Magento CVE-2019-8136 Vulnerability (CVE-2019-8136)

Drupal CVE-2008-1729 Vulnerability (CVE-2008-1729)

PostgreSQL CVE-2023-2455 Vulnerability (CVE-2023-2455)

Severity

Medium

Classification

CVE-2014-8080

Tags

Missing Update Known Vulnerabilities