CVE-2015-3227
Description
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
Risk Information
Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.683
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2015-3226,CVE-2015-3227 are fixed in Ruby-activesupport 4.1.11 | Windows |
| Vulnerabilities CVE-2015-3226,CVE-2015-3227 are fixed in Ruby-activesupport 4.2.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| Vulnerability CVE-2015-3227 is fixed in Ruby-activesupport 3.2.22 | Windows |
| rails security update (DSA-3509-1) rails_4.1.8-1+deb8u2_all.deb | Linux |
| Vulnerabilities CVE-2015-3226,CVE-2015-3227 are fixed in Ruby-activesupport for Linux 4.1.11 | Linux |
| Vulnerabilities CVE-2015-3226,CVE-2015-3227 are fixed in Ruby-activesupport for Linux 4.2.2 | Linux |
| Vulnerability CVE-2015-3227 is fixed in Ruby-activesupport for Linux 3.2.22 | Linux |
Patch Details
No records found