Simon Willison’s Weblog

DoS vulnerability in REXML. Ruby’s REXML library is susceptible to the “billion laughs” denial of service attack, where recursively nested entities expand a single entity reference to a billion characters (kind of like the exploding zip file attack). Rails applications that process user-supplied XML should apply the monkey-patch ASAP; a proper gem update is forthcoming.
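To see what the patch has to defend against, here is an added example (not code from the post or from REXML) that builds a deliberately tiny nested-entity document and checks REXML's per-document expansion-count limit, exposed today as REXML::Security.entity_expansion_limit. It assumes a Ruby with the rexml gem available; the XML below is constructed for the example.

```ruby
require "rexml/document"

# Constructed sample: a deliberately small "billion laughs" document.
# Each level references the previous one four times, so &lol3; expands
# to 4**3 = 64 copies of "ha" (128 bytes). The real attack uses the same
# structure at far greater depth and fan-out.
NESTED_ENTITY_XML = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE lolz [
    <!ENTITY lol0 "ha">
    <!ENTITY lol1 "&lol0;&lol0;&lol0;&lol0;">
    <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;">
    <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;">
  ]>
  <lolz>&lol3;</lolz>
XML

# Parse the document and force entity expansion by reading the root's
# text, with the expansion-count limit set to +limit+. Returns either
# [:expanded, length_in_bytes] or [:aborted, error_message]. The previous
# limit is restored afterwards so the process-wide setting is unchanged.
def expand_under_limit(xml, limit)
  previous = REXML::Security.entity_expansion_limit
  REXML::Security.entity_expansion_limit = limit
  doc = REXML::Document.new(xml)
  text = doc.root.text       # expansion happens here, not at parse time
  [:expanded, text.bytesize]
rescue RuntimeError => e     # REXML aborts with a RuntimeError once the limit is hit
  [:aborted, e.message]
ensure
  REXML::Security.entity_expansion_limit = previous
end

if __FILE__ == $PROGRAM_NAME
  p expand_under_limit(NESTED_ENTITY_XML, 10_000) # generous limit: text expands
  p expand_under_limit(NESTED_ENTITY_XML, 3)      # tight limit: expansion aborted
end
```

The same document that expands to 128 bytes under a generous limit is rejected as soon as the limit is lower than the number of entity expansions it needs, which is the property a Rails app handling untrusted XML wants to confirm.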

2 comments

  1. The "billion laughs" trick is one of my most favorite attack vectors EVAR.

    James Bennett - 23rd August 2008 12:14 - #

  2. Thanks for helping raise the awareness.

    Ironically if you click on the example xml with firefox, it crashes. So these billion laugh attacks are surprisingly widespread.

    Koz - 23rd August 2008 15:51 - #
