OSVDB-118481 (nokogiri): Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS

Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS

Published: April 30, 2014

PATCHED VERSIONS

~> 1.6.2.2 >= 1.6.3

DESCRIPTION

Nokogiri Gem for JRuby contains a flaw that is triggered when handling a root element in an XML document. This may allow a remote attacker to cause a consumption of memory resources.

CVE-2013-6461 (NVD)
https://github.com/sparklemotion/nokogiri/pull/1087
https://github.com/sparklemotion/nokogiri/pull/1087/commits/8293bf6fddecb68b688cf025859afde7609f7bff
https://github.com/sparklemotion/nokogiri/commit/a098ddfc9990ea79dbc191407d3e83611e5ff1e6

RubySec

OSVDB-118481 (nokogiri): Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS

Nokogiri Gem for JRuby XML Document Root Element Handling Memory Consumption Remote DoS

SECURITY IDENTIFIERS

GEM

PLATFORM

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories