Oval Definition:	oval:org.opensuse.security:def:20130175
Revision Date: 2022-06-30 Version: 1 Title: CVE-2013-0175 Description: multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. Family: unix Class: vulnerability Status: Reference(s): CVE-2013-0175 Mitre CVE-2013-0175 SUSE CVE-2013-0175 Platform(s): openSUSE Tumbleweed SUSE OpenStack Cloud 6 Product(s): Definition Synopsis SUSE OpenStack Cloud 6 is installed AND ruby2.1-rubygem-multi_xml-0.5.5-1 is installed Definition Synopsis openSUSE Tumbleweed is installed AND Package Information ruby2.7-rubygem-multi_xml-0.6.0-1.14 is installed OR ruby3.0-rubygem-multi_xml-0.6.0-1.14 is installed
BACK