CVE-2021-3541

Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion) in gem/nokogiri

Identifiers

CVE-2021-3541

Package Slug

gem/nokogiri

Vulnerability

Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)

Description

A flaw was found in libxml2. By exploiting an exponential entity expansion attack, it is possible to bypass all existing protection mechanisms and cause a denial of service.

Affected Versions

All versions before 1.11.4

Solution

Upgrade to version 1.11.4 or above.

Last Modified

2021-07-21
