Moderate severity vulnerability that affects activesupport

GHSA-35c4-f3rq-f9g3

Published Sep 17, 2018 · Modified Dec 2, 2024

Description

Withdrawn, accidental duplicate publish.

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-3227
ADVISORY https://github.com/advisories/GHSA-35c4-f3rq-f9g3

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes