CVE Vulnerabilities

CVE-2015-3227

Published: Jul 26, 2015 | Modified: Aug 08, 2019
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V2: 4.3 MODERATE (AV:N/AC:M/Au:N/C:N/I:N/A:P)
RedHat/V3:
Ubuntu: LOW

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.

Affected Software

Name                    Vendor    Start Version     End Version
Opensuse                Opensuse  13.1 (including)  13.1 (including)
Opensuse                Opensuse  13.2 (including)  13.2 (including)
Rails                   Ubuntu    vivid             *
Rails                   Ubuntu    wily              *
Rails-4.0               Ubuntu    upstream          *
Rails-4.0               Ubuntu    utopic            *
Ruby-actionpack-2.3     Ubuntu    precise           *
Ruby-actionpack-2.3     Ubuntu    upstream          *
Ruby-activerecord-2.3   Ubuntu    precise           *
Ruby-activerecord-2.3   Ubuntu    upstream          *
Ruby-activesupport-2.3  Ubuntu    precise           *
Ruby-activesupport-2.3  Ubuntu    upstream          *
Ruby-activesupport-3.2  Ubuntu    trusty            *
Ruby-activesupport-3.2  Ubuntu    upstream          *
Ruby-rails-2.3          Ubuntu    precise           *
Ruby-rails-2.3          Ubuntu    upstream          *

References