Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nokogiri | Nokogiri | 1.5.0 (including) | 1.5.11 (excluding) |
Nokogiri | Nokogiri | 1.6.0 (including) | 1.6.1 (excluding) |