Vulnerable Library - activesupport-3.0.9.gem

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

Library home page: https://rubygems.org/gems/activesupport-3.0.9.gem

Dependency Hierarchy:

• rails-3.0.9.gem (Root Library)
  • ❌ activesupport-3.0.9.gem (Vulnerable Library)

Found in HEAD commit: 0c785fd9400921392b8ee5e3e166f30364359ecc

Found in base branch: master

Vulnerability Details

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.

Publish Date: 2015-07-26

URL: CVE-2015-3227

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-3227

Release Date: 2015-07-26

Fix Resolution: 4.1.11,4.2.2