RubySec

Providing security resources for the Ruby community

OSVDB-118481 (nokogiri): Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS

ADVISORIES

GEM

nokogiri

PLATFORM

JRuby

PATCHED VERSIONS

  • ~> 1.6.2.2
  • >= 1.6.3

DESCRIPTION

Nokogiri Gem for JRuby contains a flaw that is triggered when handling a root element in an XML document. This may allow a remote attacker to cause a consumption of memory resources.

RELATED