GitHub Advisory DatabaseGHSA-62QP-3FXM-9WXFNokogiri vulnerable to DoS while parsing XML documents
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.004 Low
EPSS
Percentile
74.5%
Nokogiri gem has Denial of Service via infinite loop when parsing XML documents
Affected configurations
References
www.openwall.com/lists/oss-security/2013/12/27/2
access.redhat.com/security/cve/cve-2013-6460
bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460
bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460
exchange.xforce.ibmcloud.com/vulnerabilities/90058
github.com/advisories/GHSA-62qp-3fxm-9wxf
github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml
nvd.nist.gov/vuln/detail/CVE-2013-6460
security-tracker.debian.org/tracker/CVE-2013-6460
web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513/
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.004 Low
EPSS
Percentile
74.5%