Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby on Rails XML 解析拒绝服务漏洞
Vulnerability Description
Ruby on Rails(Rails)是Rails核心团队开发维护的一套基于Ruby语言的开源Web应用框架,它是由大卫-海纳梅尔-韩森从美国37signals公司的项目管理工具Basecamp里分离出来的。 Ruby on Rails 3.1.12之前的3.0.x和3.1.x版本,3.2.13之前的3.2.x版本中Active Support组件中lib/active_support/xml_mini/jdom.rb中ActiveSupport::XmlMini_JDOM backend中存在漏洞。该
CVSS Information
N/A
Vulnerability Type
N/A