CVE-2013-6461: Entity Expansion Vulnerability when using JRuby

November 5, 2019 (updated November 8, 2019)

An error when parsing XML entities can be exploited to exhaust memory and cause the server to crash via a specially crafted XML document including external entity references. Impacted code will look something like this: doc = Nokogiri.XML(untrusted_input).

References

groups.google.com/forum/

Detect and mitigate CVE-2013-6461 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →