VYPR
Moderate severity · NVD Advisory · Published Apr 9, 2013 · Updated Jun 16, 2026

CVE-2013-1821

Description

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                  Affected versions   Patched versions
org.jruby:jruby (Maven)  < 1.7.3             1.7.3

Affected products

15
  • Ruby Lang/Ruby (14 versions)
    • cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:* (range: <=1.9.3)
  • ghsa-coords
    Range: < 1.7.3
