CVE-2013-1821 – org.jruby:jruby
Package
Manager: maven
Name: org.jruby:jruby
Vulnerable Version: >=0 <1.7.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: 0.0757 (percentile: 0.91459)
Details
Ruby vulnerable to denial of service
When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects, which can consume all of the memory on a machine and cause a denial of service. JRuby resolves this bug in version 1.7.3, as noted in https://www.jruby.org/2013/02/21/jruby-1-7-3.html
Metadata
Created: 2022-05-17T03:23:26Z
Modified: 2023-08-16T09:36:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hgg7-cghq-xhf4/GHSA-hgg7-cghq-xhf4.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-hgg7-cghq-xhf4
Finding: F067
Auto approve: 1