Wind River Support Network

HomeDefectsLIN6-8882
Fixed

LIN6-8882 : Security Advisory - ruby - CVE-2014-8080

Created: Dec 1, 2014    Updated: Dec 3, 2018
Resolved Date: Dec 19, 2014
Found In Version: 6.0
Fix Version: 6.0.0.16
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.<a href=http://cwe.mitre.org/data/definitions/611.html target=_blank>CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8080

Other Downloads


Live chat
Online