CVE-2013-6460: Memory Exhaustion Vulnerability when using JRuby
Attackers can send carefully crafted XML documents that cause the XML processor to enter an infinite loop, so the server runs out of memory and crashes. Impacted code will look something like this: doc = Nokogiri.XML(untrusted_input).
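A defensive wrapper around the impacted call, added here as an example; it is not Nokogiri's, GitLab's or this advisory's own code. The GuardedXml module, its limits and the parser: injection point are assumptions for illustration: the wrapper caps input size, refuses inline DTDs and bounds wall-clock parse time so a parser that never returns does not pin the process indefinitely.

```ruby
# Hypothetical guard for parsing untrusted XML (added example, not Nokogiri's code).
# Three layers: a byte-size cap, rejection of inline DOCTYPE/entity declarations,
# and a time budget so a parser stuck in a loop is abandoned instead of consuming
# memory until the process dies.
module GuardedXml
  class Rejected < StandardError; end

  MAX_BYTES    = 1 * 1024 * 1024   # assumed 1 MiB cap; tune for your documents
  TIMEOUT_SECS = 5                 # assumed parse budget in seconds

  # Coarse gate: untrusted feeds have no legitimate need for an internal DTD subset.
  DOCTYPE_RE = /<!DOCTYPE/i

  # Default parser: strict (reject malformed input) and nonet (no external fetches).
  DEFAULT_PARSER = lambda do |xml|
    require 'nokogiri'
    Nokogiri::XML(xml) { |cfg| cfg.strict.nonet }
  end

  # Returns the parsed document, or raises Rejected when a limit is exceeded.
  # Parse errors raised by the parser itself propagate to the caller via join.
  def self.parse(untrusted_input, parser: DEFAULT_PARSER,
                 max_bytes: MAX_BYTES, timeout: TIMEOUT_SECS)
    raise Rejected, "input exceeds #{max_bytes} bytes" if untrusted_input.bytesize > max_bytes
    raise Rejected, "DOCTYPE declarations are not accepted" if untrusted_input.match?(DOCTYPE_RE)

    result = nil
    worker = Thread.new { result = parser.call(untrusted_input) }
    worker.report_on_exception = false
    unless worker.join(timeout)
      # Best effort: a thread stuck in native or Java parser code may not die promptly,
      # but the request is at least failed instead of waiting forever.
      worker.kill
      raise Rejected, "parse exceeded #{timeout}s"
    end
    result
  end
end
```

The parser: argument exists so the guard can be exercised without Nokogiri installed; in production the default lambda is used.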