Ruby vulnerable to denial of service
Severity: Moderate (GitHub Reviewed)
Published to the GitHub Advisory Database: May 17, 2022
Updated: Aug 16, 2023
Published by the National Vulnerability Database: Apr 9, 2013
Reviewed: Nov 8, 2022
Description
When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects, which can consume all of the memory on a machine and cause a denial of service.
JRuby resolves this bug in version 1.7.3, as noted in https://www.jruby.org/2013/02/21/jruby-1-7-3.html
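The following Ruby script is an added example, not code from the advisory, JRuby or the REXML project. It assumes the usual shape of this bug class, nested entity declarations in an internal DTD subset that multiply on expansion (the description above does not spell out the mechanism), and it uses the expansion limits that current REXML exposes through REXML::Security to show the defensive side: with a tight text limit the parser raises a RuntimeError when the text node is read, instead of allocating the expanded string. The sample document is constructed here; at three levels of ten references each it expands to only 3000 bytes, enough to trip a 1 KiB limit but harmless under the defaults.

```ruby
require "rexml/document"

# Constructed sample input (not from the advisory): three levels of nested
# entity declarations, each referencing the previous level ten times, so the
# single "&lol3;" reference in <data> expands to 10**3 copies of "lol"
# (3000 bytes) when the text node is read. Each extra level multiplies the
# expanded size by ten, which is how a tiny document forces a huge allocation.
NESTED_ENTITY_XML = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE data [
    <!ENTITY lol0 "lol">
    <!ENTITY lol1 "&lol0;&lol0;&lol0;&lol0;&lol0;&lol0;&lol0;&lol0;&lol0;&lol0;">
    <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
    <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
  ]>
  <data>&lol3;</data>
XML

# Parse +xml+ and read the root element's text with REXML's expansion limits
# set to the given values for the duration of the call. REXML expands entity
# references when the text is read and raises a RuntimeError once the expanded
# text exceeds entity_expansion_text_limit (in bytes) or the number of
# expansions exceeds entity_expansion_limit. Returns [:ok, byte_size] when the
# document is accepted or [:rejected, error_message] when a limit stops it;
# the previous global limits are always restored.
def read_text_with_limits(xml, text_limit:, count_limit:)
  old_text  = REXML::Security.entity_expansion_text_limit
  old_count = REXML::Security.entity_expansion_limit
  REXML::Security.entity_expansion_text_limit = text_limit
  REXML::Security.entity_expansion_limit      = count_limit
  doc = REXML::Document.new(xml)
  [:ok, doc.root.text.bytesize]
rescue RuntimeError => e
  [:rejected, e.message]
ensure
  REXML::Security.entity_expansion_text_limit = old_text
  REXML::Security.entity_expansion_limit      = old_count
end

if __FILE__ == $PROGRAM_NAME
  # Default-sized limits accept the 3000-byte expansion ...
  p read_text_with_limits(NESTED_ENTITY_XML, text_limit: 10_240, count_limit: 10_000)
  # ... while a 1 KiB text budget rejects it before the full string is built.
  p read_text_with_limits(NESTED_ENTITY_XML, text_limit: 1_024, count_limit: 10_000)
end
```

The limits are process-wide globals, so an application that parses untrusted XML should set them once at startup to the smallest values its legitimate documents need rather than toggling them per call as this helper does for illustration; the helper restores them only so the demonstration leaves no global state behind.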