XML Parsing Flaw in Ruby on Rails Active Support Component
CVE-2013-1856

Currently unrated

Key Information:

Vendor
CVE Published: 19 March 2013

What is CVE-2013-1856?

In Ruby on Rails, the ActiveSupport::XmlMini_JDOM backend, when used with JRuby, does not properly restrict the capabilities of the XML parser. Remote attackers can supply XML that uses external DTDs or entity references, potentially leading to unauthorized access to sensitive files or to denial of service through resource exhaustion.
