XML Entity Expansion (XEE) Attack in REXML Parser in Ruby
CVE-2013-1821 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:N/A:P
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Learn more about our Web Application Penetration Testing UK.