CVE-2013-6461: Entity Expansion Vulnerability when using JRuby
An error when parsing XML entities can be exploited to exhaust memory and cause the server to crash via a specially crafted XML document including external entity references. Impacted code will look something like this:

    doc = Nokogiri.XML(untrusted_input)
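One defensive option for the impacted call pattern above, as an added example that is not part of the advisory or of Nokogiri: refuse any document whose prolog declares a DOCTYPE before it is handed to the parser. The names `reject_dtd!`, `dtd_free?` and `DtdRejected` are hypothetical, and the guard assumes UTF-8 input and an application that never needs DTDs.

```ruby
require "strscan"

# Added example, not Nokogiri code: refuse XML that declares a DOCTYPE
# before it reaches the parser. Fails closed on anything it cannot inspect.
class DtdRejected < StandardError; end

# Returns xml unchanged when the prolog holds no DOCTYPE, raises otherwise.
# Assumes UTF-8 input and an application that never needs DTDs.
def reject_dtd!(xml)
  text = xml.dup.force_encoding(Encoding::UTF_8)
  raise DtdRejected, "input is not valid UTF-8" unless text.valid_encoding?

  scanner = StringScanner.new(text.delete_prefix("\uFEFF")) # drop UTF-8 BOM
  loop do
    scanner.skip(/\s+/)
    # XML declaration, processing instructions and comments may precede a DOCTYPE.
    next if scanner.skip(/<\?.*?\?>/m) || scanner.skip(/<!--.*?-->/m)
    raise DtdRejected, "DOCTYPE declaration found" if scanner.check(/<!DOCTYPE/)
    # A DOCTYPE is only legal before the root element, so stop scanning here.
    return xml if scanner.check(/<[[:alpha:]_:]/)
    raise DtdRejected, "unrecognised prolog"
  end
end

# Non-raising wrapper for callers that prefer a boolean.
def dtd_free?(xml)
  reject_dtd!(xml)
  true
rescue DtdRejected
  false
end

# Constructed sample inputs.
PLAIN = %(<?xml version="1.0"?>\n<!-- order -->\n<order id="7">ok</order>)
WITH_DTD = %(<?xml version="1.0"?>\n<!DOCTYPE note [<!ENTITY a "x">]>\n<note>&a;</note>)
UTF16 = PLAIN.encode(Encoding::UTF_16LE)

if __FILE__ == $PROGRAM_NAME
  { "plain" => PLAIN, "with DTD" => WITH_DTD, "UTF-16" => UTF16 }.each do |name, xml|
    puts "#{name}: #{dtd_free?(xml) ? 'pass to Nokogiri.XML' : 'rejected'}"
  end
end
```

Wrapping the call as `Nokogiri.XML(reject_dtd!(untrusted_input))` keeps entity declarations away from the parser; it complements upgrading to a fixed Nokogiri release and does not replace it.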