CVE-2014-8080

Published: Nov 3, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

61607

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2014:1589

vendor-advisory

x_refsource_SUSE

http://advisories.mageia.org/MGASA-2014-0443.html

x_refsource_CONFIRM

RHSA-2014:1912

vendor-advisory

x_refsource_REDHAT

DSA-3159

vendor-advisory

x_refsource_DEBIAN

62050

third-party-advisory

x_refsource_SECUNIA

APPLE-SA-2015-09-30-3

vendor-advisory

x_refsource_APPLE

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

x_refsource_CONFIRM

RHSA-2014:1913

vendor-advisory

x_refsource_REDHAT

https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/

x_refsource_CONFIRM

https://support.apple.com/HT205267

x_refsource_CONFIRM

RHSA-2014:1911

vendor-advisory

x_refsource_REDHAT

70935

vdb-entry

x_refsource_BID

DSA-3157

vendor-advisory

x_refsource_DEBIAN

USN-2397-1

vendor-advisory

x_refsource_UBUNTU

62748

third-party-advisory

x_refsource_SECUNIA

MDVSA-2015:129

vendor-advisory

x_refsource_MANDRIVA

openSUSE-SU-2015:0007

vendor-advisory

x_refsource_SUSE

RHSA-2014:1914

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2015:0002

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-8080

Description

Affected Products

References