Ruby CVE-2014-8090 Incomplete Fix XML External Entity Denial of Service Vulnerability

Ruby is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition.

The following versions are vulnerable:

Ruby 1.9 versions prior to 1.9.3-p551
Ruby 2.0 versions prior to 2.0.0-p598
Ruby 2.1 versions prior to 2.1.5

Note: This issue is the result of an incomplete fix for the issues described in 58141 (Ruby REXML Parser Denial of Service Vulnerability) and 70935 (Ruby CVE-2014-8080 XML External Entity Denial of Service Vulnerability).


 

Copyright 2010, SecurityFocus