GHSA-hgg7-cghq-xhf4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hgg7-cghq-xhf4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hgg7-cghq-xhf4/GHSA-hgg7-cghq-xhf4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hgg7-cghq-xhf4
- Aliases
-
- CVE-2013-1821
- Published
- 2022-05-17T03:23:26Z
- Modified
- 2024-11-29T05:38:00.378634Z
- Summary
- Ruby vulnerable to denial of service
- Details
-
When reading text nodes from an XML document, the REXML parser can be coerced in to allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service.
Jruby resolves this bug in version 1.7.3 as noted in https://www.jruby.org/2013/02/21/jruby-1-7-3.html
- Database specific
{ "nvd_published_at": "2013-04-09T21:55:00Z", "cwe_ids": [ "CWE-400" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-11-08T12:51:05Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-1821
- https://bugzilla.redhat.com/show_bug.cgi?id=914716
- https://github.com/jruby/jruby
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092
- https://www.jruby.org/2013/02/21/jruby-1-7-3.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html
- http://rhn.redhat.com/errata/RHSA-2013-1147.html
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384
- http://www.debian.org/security/2013/dsa-2738
- http://www.debian.org/security/2013/dsa-2809
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
- http://www.openwall.com/lists/oss-security/2013/03/06/5
- http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
- http://www.ubuntu.com/usn/USN-1780-1
Affected packages
Maven / org.jruby:jruby
Package
- Name
- org.jruby:jruby
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jruby/jruby
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.3
Affected versions
0.*
0.8.3
0.9.1
0.9.2
0.9.8
0.9.9
1.*
1.0RC1
1.0RC2
1.0RC3
1.0
1.0.1
1.0.2
1.0.3
1.1b1
1.1RC1
1.1RC2
1.1RC3
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6RC1
1.1.6
1.2RC1
1.2.0RC2
1.2.0
1.3.0RC1
1.3.0RC2
1.3.0
1.3.1
1.4.0RC1
1.4.0RC2
1.4.0RC3
1.4.0
1.4.1
1.5.0.RC1
1.5.0.RC2
1.5.0.RC3
1.5.0
1.5.1
1.5.2
1.5.3
1.5.5
1.5.6
1.6.0.RC1
1.6.0.RC2
1.6.0.RC3
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.5.1
1.6.6
1.6.7
1.6.7.1
1.6.7.2
1.6.8
1.7.0.RC1
1.7.0.RC2
1.7.0
1.7.0.preview1
1.7.0.preview2
1.7.1
1.7.2