XML Entity Expansion (XEE) Attack in REXML Parser in Ruby

XML Entity Expansion (XEE) Attack in REXML Parser in Ruby

CVE-2013-1821 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

Learn more about our Web Application Penetration Testing UK.