Denial of Service in Nokogiri XML Parsing by Vendor
CVE-2013-6461

6.5MEDIUM

Key Information:

Vendor: Ruby
Status: Nokogiri Gem
Vendor: CVE Published:; 5 November 2019

What is CVE-2013-6461?

The Nokogiri gem versions 1.5.x and 1.6.x are susceptible to Denial of Service attacks due to improper handling of XML entities. The vulnerability arises when Nokogiri fails to apply limits while parsing XML, which can be exploited to exhaust system resources, rendering the affected application unresponsive. This can lead to significant service interruptions for applications relying on the Nokogiri gem for XML parsing.

Affected Version(s)

Nokogiri gem 1.5.x

Nokogiri gem 1.6.x

References

https://security-tracker.debian.org/tracker/CVE-2013-6461

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461

x_refsource_MISC

https://access.redhat.com/security/cve/cve-2013-6461

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2019
Vulnerability Reserved
Nov 4, 2013

Ruby

What is CVE-2013-6461?

Affected Version(s)

References

CVSS V3.1

Timeline