CVE-2013-6461

CWE-776XML Entity Expansion (Billion Laughs)7 documents7 sources
Severity
6.5MEDIUM
EPSS
2.0%
top 16.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Nokogiri NokogiriRuby Nokogiri GEMDebian Debian Linux+4 more
Timeline
PublishedNov 5
Latest updateMay 5

Description

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

RubyGemsnokogiri1.5.01.5.11+1
NVDnokogiri/nokogiri1.5.01.5.11+1
CVEListV5ruby/nokogiri_gem1.5.x, 1.6.x+1
NVDredhat/openstack3.0, 4.0+1

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

3
GHSA
Nokogiri vulnerable to DoS while parsing XML entities2022-05-05
OSV
Nokogiri vulnerable to DoS while parsing XML entities2022-05-05
CVEList
CVE-2013-6461: Nokogiri gem 12019-11-05

📋Vendor Advisories

2
Red Hat
rubygem-nokogiri: DoS while parsing XML entities2013-12-15
Debian
CVE-2013-6461: ruby-nokogiri - Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to ap...2013

💬Community

1
Bugzilla
CVE-2013-6461 rubygem-nokogiri: DoS while parsing XML entities2013-12-26