Vulnerability details: VCID-5xez-skrj-b3h4
Vulnerability ID VCID-5xez-skrj-b3h4
Aliases CVE-2013-1821
GHSA-hgg7-cghq-xhf4
OSV-90587
Summary Entity expansion DoS vulnerability in REXML: `lib/rexml/text.rb` in the REXML parser allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual MODERATE http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1147.html
epss 0.20672 https://api.first.org/data/v1/epss?cve=CVE-2013-1821
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=914716
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-hgg7-cghq-xhf4
generic_textual MODERATE https://github.com/jruby/jruby
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-1821
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-1821
generic_textual MODERATE http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384
generic_textual MODERATE https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092
generic_textual MODERATE https://www.jruby.org/2013/02/21/jruby-1-7-3.html
generic_textual MODERATE http://www.debian.org/security/2013/dsa-2738
generic_textual MODERATE http://www.debian.org/security/2013/dsa-2809
generic_textual MODERATE http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2013/03/06/5
generic_textual MODERATE http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22
generic_textual MODERATE http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
generic_textual MODERATE http://www.ubuntu.com/usn/USN-1780-1
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html
http://rhn.redhat.com/errata/RHSA-2013-0611.html
http://rhn.redhat.com/errata/RHSA-2013-0612.html
http://rhn.redhat.com/errata/RHSA-2013-1028.html
http://rhn.redhat.com/errata/RHSA-2013-1147.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1821.json
https://api.first.org/data/v1/epss?cve=CVE-2013-1821
https://bugzilla.redhat.com/show_bug.cgi?id=914716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
http://secunia.com/advisories/52783
http://secunia.com/advisories/52902
https://github.com/jruby/jruby
https://github.com/victims/victims-cve-db/blob/master/database/java/2013/1821.yaml
https://nvd.nist.gov/vuln/detail/CVE-2013-1821
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092
https://www.jruby.org/2013/02/21/jruby-1-7-3.html
https://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22
http://www.debian.org/security/2013/dsa-2738
http://www.debian.org/security/2013/dsa-2809
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
http://www.openwall.com/lists/oss-security/2013/03/06/5
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22
http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
http://www.securityfocus.com/bid/58141
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
http://www.ubuntu.com/usn/USN-1780-1
cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:*
GHSA-hgg7-cghq-xhf4 https://github.com/advisories/GHSA-hgg7-cghq-xhf4
GLSA-201412-27 https://security.gentoo.org/glsa/201412-27
RHSA-2013:0611 https://access.redhat.com/errata/RHSA-2013:0611
RHSA-2013:0612 https://access.redhat.com/errata/RHSA-2013:0612
RHSA-2013:1028 https://access.redhat.com/errata/RHSA-2013:1028
RHSA-2013:1147 https://access.redhat.com/errata/RHSA-2013:1147
RHSA-2013:1185 https://access.redhat.com/errata/RHSA-2013:1185
USN-1780-1 https://usn.ubuntu.com/1780-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-1821
Exploit Prediction Scoring System (EPSS)
Percentile 0.95557
EPSS Score 0.20672
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:46:48.976256+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jruby/jruby/CVE-2013-1821.yml 38.0.0