Skip to content

activesupport vulnerable to Denial of Service via large XML document depth

Moderate severity GitHub Reviewed Published Oct 24, 2017 to the GitHub Advisory Database • Updated Jan 23, 2023

Package

bundler activesupport (RubyGems)

Affected versions

< 4.1.11
>= 4.2.0, < 4.2.2

Patched versions

4.1.11
4.2.2
Published to the GitHub Advisory Database Oct 24, 2017
Reviewed Jun 16, 2020
Last updated Jan 23, 2023

Severity

Moderate

EPSS score

1.568%
(88th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2015-3227

GHSA ID

GHSA-j96r-xvjq-r9pg

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.