CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
REXML is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of deeply nested XML elements with the same local name attribute when using the REXML library’s tree parser API. An attacker can exploit this by send a specially crafted XML document and that causes the application to consume excessive resources and DoS.