Wind River Support Network

HomeDefectsLIN5-19806
Fixed

LIN5-19806 : Security Advisory - ruby - CVE-2014-8080

Created: Dec 1, 2014    Updated: Dec 19, 2017
Resolved Date: Dec 19, 2014
Found In Version: 5.0.1.21
Fix Version: 5.0.1.22
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.<a href=http://cwe.mitre.org/data/definitions/611.html target=_blank>CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8080

Other Downloads


Live chat
Online