Vector: | Remote |
Severity: | Low |
Patch: | Patched |
Impact: | Denial of Service (DoS) |
Software: | Ruby 1.9.x, Ruby 2.0.x, Ruby 2.1.x |
The vulnerability is caused by an error in the REXML module when parsing XML entities. An attacker can exploit it to perform a denial of service (DoS) attack.
Solution:
Update to version 1.9.3-p550 (Ruby 1.9.x), 2.0.0-p594 (Ruby 2.0.x), or 2.1.4 (Ruby 2.1.x).
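A version check against the fixed releases listed above, as an added example (not code from the advisory or the Ruby project). The function names and status symbols are illustrative, and it assumes every release in a listed series below its fixed release is affected.

```ruby
# Added example: classify a Ruby version against the fixed releases listed
# under "Solution" (1.9.3-p550, 2.0.0-p594, 2.1.4) for CVE-2014-8080.
# Assumption: every release in a listed series below its fixed release is affected.
FIXED_RELEASES = {
  [1, 9] => { version: [1, 9, 3], patchlevel: 550 },
  [2, 0] => { version: [2, 0, 0], patchlevel: 594 },
  [2, 1] => { version: [2, 1, 4], patchlevel: nil } # 2.1.x fix is identified by version alone
}.freeze

# Accepts "1.9.3-p547", "1.9.3p547" (as printed by `ruby -v`) or "2.1.3".
def parse_ruby_version(str)
  m = /\A(\d+)\.(\d+)\.(\d+)(?:-?p(\d+))?\z/.match(str.to_s.strip)
  raise ArgumentError, "unrecognized Ruby version: #{str.inspect}" unless m
  [[m[1].to_i, m[2].to_i, m[3].to_i], m[4] && m[4].to_i]
end

# Returns :vulnerable, :patched, :unknown (patchlevel needed but missing)
# or :not_listed (series not covered by this advisory page).
def rexml_cve_2014_8080_status(str)
  version, patchlevel = parse_ruby_version(str)
  fix = FIXED_RELEASES[version[0, 2]]
  return :not_listed unless fix

  case version <=> fix[:version]
  when -1 then :vulnerable
  when 1  then :patched
  else
    # Same x.y.z as the fixed release: the patchlevel decides for 1.9 and 2.0.
    return :patched if fix[:patchlevel].nil?
    return :unknown if patchlevel.nil?
    patchlevel >= fix[:patchlevel] ? :patched : :vulnerable
  end
end

# Version string of the interpreter running this script.
def running_ruby_version
  RUBY_PATCHLEVEL >= 0 ? "#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}" : RUBY_VERSION
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, followed by the running interpreter.
  samples = ["1.9.3-p547", "1.9.3-p550", "2.0.0p576", "2.1.3", "2.1.4", running_ruby_version]
  samples.each { |v| puts format("%-12s %s", v, rexml_cve_2014_8080_status(v)) }
end
```

Distribution packages may carry backported fixes without changing the reported version, so treat a `:vulnerable` result as a prompt to check the package changelog.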
CVE ID:
CVE-2014-8080
Links:
https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/