Moderate severity · NVD Advisory · Published Apr 9, 2013 · Updated Jun 16, 2026
CVE-2013-1821
Description
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jruby:jruby (Maven) | < 1.7.3 | 1.7.3 |
Affected products
- cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:* (range: <=1.9.3)
References
- secunia.com/advisories/52783 (nvd, Vendor Advisory)
- secunia.com/advisories/52902 (nvd, Vendor Advisory)
- www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/ (nvd, Vendor Advisory)
- github.com/advisories/GHSA-hgg7-cghq-xhf4 (ghsa, Advisory)
- nvd.nist.gov/vuln/detail/CVE-2013-1821 (ghsa, Advisory)
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd, Web)
- lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html (nvd, Web)
- lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html (nvd, Web)
- lists.opensuse.org/opensuse-updates/2013-04/msg00034.html (nvd, Web)
- lists.opensuse.org/opensuse-updates/2013-04/msg00036.html (nvd, Web)
- rhn.redhat.com/errata/RHSA-2013-1147.html (nvd, Web)
- svn.ruby-lang.org/cgi-bin/viewvc.cgi (nvd, Web)
- www.debian.org/security/2013/dsa-2738 (nvd, Web)
- www.debian.org/security/2013/dsa-2809 (nvd, Web)
- www.mandriva.com/security/advisories (nvd, Web)
- www.openwall.com/lists/oss-security/2013/03/06/5 (nvd, Web)
- www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22 (ghsa, Web)
- www.slackware.com/security/viewer.php (nvd, Web)
- www.ubuntu.com/usn/USN-1780-1 (nvd, Web)
- bugzilla.redhat.com/show_bug.cgi (nvd, Web)
- wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092 (nvd, Web)
- www.jruby.org/2013/02/21/jruby-1-7-3.html (ghsa, Web)
- rhn.redhat.com/errata/RHSA-2013-0611.html (nvd)
- rhn.redhat.com/errata/RHSA-2013-0612.html (nvd)
- rhn.redhat.com/errata/RHSA-2013-1028.html (nvd)
- www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (nvd)
- www.securityfocus.com/bid/58141 (nvd)