CVE-2013-1856

NONECVSS 0.0

0.0

The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.

🔗 References (10)

secalert@redhathttp://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
secalert@redhathttp://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
secalert@redhathttp://support.apple.com/kb/HT5784
secalert@redhathttp://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
secalert@redhathttps://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5784
af854a3a-2127-422b-91ae-364da2661108http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
af854a3a-2127-422b-91ae-364da2661108https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain

Is Your Infrastructure Affected by CVE-2013-1856?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-1856

📅 Published

🔄 Last Modified

🔗 References (10)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-1856?