CVE-2013-1821

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
ruby-langruby
𝑥
≤ 1.9.3
ruby-langruby
1.9
ruby-langruby
1.9.1
ruby-langruby
1.9.2
ruby-langruby
1.9.3
ruby-langruby
1.9.3:p0
ruby-langruby
1.9.3:p125
ruby-langruby
1.9.3:p194
ruby-langruby
1.9.3:p286
ruby-langruby
1.9.3:p383
ruby-langruby
2.0
ruby-langruby
2.0.0
ruby-langruby
2.0.0:rc1
ruby-langruby
2.0.0:rc2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby1.8
hardy
ignored
lucid
Fixed 1.8.7.249-2ubuntu0.3
released
oneiric
Fixed 1.8.7.352-2ubuntu0.3
released
precise
Fixed 1.8.7.352-2ubuntu1.2
released
quantal
Fixed 1.8.7.358-4ubuntu0.2
released
raring
not-affected
saucy
not-affected
ruby1.9.1
hardy
dne
lucid
ignored
oneiric
ignored
precise
Fixed 1.9.3.0-1ubuntu2.6
released
quantal
Fixed 1.9.3.194-1ubuntu1.4
released
raring
Fixed 1.9.3.194-8.1ubuntu1
released
saucy
Fixed 1.9.3.194-8.1ubuntu1
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
ruby
RHEL 6
0:1.8.7.352-10.el6_4
fixed
ruby-devel
RHEL 6
0:1.8.7.352-10.el6_4
fixed
ruby-docs
RHEL 6
0:1.8.7.352-10.el6_4
fixed
ruby-irb
RHEL 6
0:1.8.7.352-10.el6_4
fixed
ruby-libs
RHEL 6
0:1.8.7.352-10.el6_4
fixed
ruby-rdoc
RHEL 6
0:1.8.7.352-10.el6_4
fixed
ruby-ri
RHEL 6
0:1.8.7.352-10.el6_4
fixed
ruby-static
RHEL 6
0:1.8.7.352-10.el6_4
fixed
ruby-tcltk
RHEL 6
0:1.8.7.352-10.el6_4
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
ruby
Amazon Linux 1
0:1.8.7.371-2.25.amzn1
fixed
ruby-debuginfo
Amazon Linux 1
0:1.8.7.371-2.25.amzn1
fixed
ruby-devel
Amazon Linux 1
0:1.8.7.371-2.25.amzn1
fixed
ruby-irb
Amazon Linux 1
0:1.8.7.371-2.25.amzn1
fixed
ruby-libs
Amazon Linux 1
0:1.8.7.371-2.25.amzn1
fixed
ruby-rdoc
Amazon Linux 1
0:1.8.7.371-2.25.amzn1
fixed
ruby-ri
Amazon Linux 1
0:1.8.7.371-2.25.amzn1
fixed
ruby-static
Amazon Linux 1
0:1.8.7.371-2.25.amzn1
fixed
ruby19
Amazon Linux 1
0:1.9.3.392-29.38.amzn1
fixed
ruby19-debuginfo
Amazon Linux 1
0:1.9.3.392-29.38.amzn1
fixed
ruby19-devel
Amazon Linux 1
0:1.9.3.392-29.38.amzn1
fixed
ruby19-doc
Amazon Linux 1
0:1.9.3.392-29.38.amzn1
fixed
ruby19-irb
Amazon Linux 1
0:1.9.3.392-29.38.amzn1
fixed
ruby19-libs
Amazon Linux 1
0:1.9.3.392-29.38.amzn1
fixed
rubygem19-bigdecimal
Amazon Linux 1
0:1.1.0-29.38.amzn1
fixed
rubygem19-io-console
Amazon Linux 1
0:0.3-29.38.amzn1
fixed
rubygem19-json
Amazon Linux 1
0:1.5.5-29.38.amzn1
fixed
rubygem19-minitest
Amazon Linux 1
0:2.5.1-29.38.amzn1
fixed
rubygem19-rake
Amazon Linux 1
0:0.9.2.2-29.38.amzn1
fixed
rubygem19-rdoc
Amazon Linux 1
0:3.9.5-29.38.amzn1
fixed
rubygems19
Amazon Linux 1
0:1.8.23-29.38.amzn1
fixed
rubygems19-devel
Amazon Linux 1
0:1.8.23-29.38.amzn1
fixed
References