← Back

CVE-2013-6460

nvd nist
Published: Nov 5, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

Affected (11)

Nokogiri
1 product
Nokogiri
Debian
1 product
Debian Linux
Redhat
5 products
Cloudforms Management Engine
Enterprise Mrg
Openstack
Satellite
Subscription Asset Manager
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Nokogiri
Nokogiri
From 1.5.0 to 1.5.11
Nokogiri
From 1.6.0 to 1.6.1
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Configuration C
6 vulnerable
Vulnerable SoftwareAffected Versions
Cloudforms Management Engine
Version 5.0
Enterprise Mrg
Version 2.0
Redhat
Openstack
Version 3.0
Openstack
Version 4.0
Satellite
Version 6.0
Subscription Asset Manager
All versions

Related CWEs

CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

References (14)

Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
ExploitIssue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.