OSVDB-118481 (nokogiri): Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS

PATCHED VERSIONS

~> 1.6.2.2
>= 1.6.3

DESCRIPTION

Nokogiri Gem for JRuby contains a flaw that is triggered when handling a root element in an XML document. This may allow a remote attacker to cause a consumption of memory resources.

CVE-2013-6461 (NVD)
https://github.com/sparklemotion/nokogiri/pull/1087
https://github.com/sparklemotion/nokogiri/pull/1087/commits/8293bf6fddecb68b688cf025859afde7609f7bff
https://github.com/sparklemotion/nokogiri/commit/a098ddfc9990ea79dbc191407d3e83611e5ff1e6

RubySec

OSVDB-118481 (nokogiri): Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS

ADVISORIES

GEM

PLATFORM

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories