RubySec

Providing security resources for the Ruby community

CVE-2013-6460 (nokogiri): Nokogiri Gem for JRuby Crafted XML Document Handling Infinite Loop Remote DoS

GEM

nokogiri

SEVERITY

CVSS v2: 4.3

PATCHED VERSIONS

  • ~> 1.5.11
  • >= 1.6.1

DESCRIPTION

The Nokogiri gem for JRuby contains a flaw that may allow a remote denial of service. The issue is triggered when handling a specially crafted XML document, which can result in an infinite loop. This may allow a context-dependent attacker to crash the server.
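
To check a project against the patched versions listed above, the following added example (not part of the advisory or of any RubySec tool) scans `Gemfile.lock` text for resolved nokogiri entries and flags JRuby builds that are not patched. The names `patched?`, `audit_lockfile` and `SAMPLE_LOCK` are hypothetical, and it assumes the two constraints are alternatives and that only the `java` platform gem is in scope.

```ruby
require "rubygems"

# Patched constraints copied from the advisory. Assumption: a version is
# patched when it satisfies ANY one of them (the way bundler-audit reads
# ruby-advisory-db entries).
PATCHED = ["~> 1.5.11", ">= 1.6.1"].map { |r| Gem::Requirement.new(r) }

# A resolved spec line in Gemfile.lock: four spaces, name, "(version)" or
# "(version-platform)". Dependency lines are indented six spaces and do not match.
SPEC_LINE = /\A {4}nokogiri \((\d[^\s()-]*)(?:-([^)\s]+))?\)\s*\z/

def patched?(version)
  v = Gem::Version.new(version)
  PATCHED.any? { |req| req.satisfied_by?(v) }
end

# One result per resolved nokogiri entry. Assumption: only the "java"
# platform build is in scope, since the advisory names Nokogiri for JRuby.
def audit_lockfile(text)
  text.each_line.map do |line|
    m = SPEC_LINE.match(line.chomp)
    next unless m
    platform = m[2] || "ruby"
    { version: m[1], platform: platform,
      affected: platform == "java" && !patched?(m[1]) }
  end.compact
end

# Constructed multi-platform lockfile excerpt (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      capybara (2.2.0)
        nokogiri (>= 1.3.3)
      nokogiri (1.6.0)
      nokogiri (1.6.0-java)
LOCK

if __FILE__ == $PROGRAM_NAME
  audit_lockfile(SAMPLE_LOCK).each do |r|
    status = r[:affected] ? "AFFECTED by CVE-2013-6460" : "ok"
    puts "nokogiri #{r[:version]} (#{r[:platform]}): #{status}"
  end
end
```

Note that 1.6.0 falls between the two constraints: it is newer than the 1.5.x patch line but older than 1.6.1, so it is reported as not patched.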