CVE-2013-6460: Memory Exhaustion Vulnerability when using JRuby

November 5, 2019 (updated November 8, 2019)

Attackers can send XML documents with carefully crafted documents which can cause the XML processor to enter an infinite loop, causing the server to run out of memory and crash. Impacted code will look something like this: doc = Nokogiri.XML(untrusted_input).

References

groups.google.com/forum/

Detect and mitigate CVE-2013-6460 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →