CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2014-8090 — MEDIUM severity vulnerability | Release Alert
CVE-2014-8090
5
MEDIUMCVSS v2
Published
November 21, 2014
Affected
3 projects
Assigned by
Red Hat
Severity scale
010
Description
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
ChocolateyRuby is a dynamic, open source programming language focusing on simplicity and productivity. It has an elegant syntax that is natural to read and easy to write.
This package provides a self-contained [Windows-based installer](https://rubyinstaller.org) that includes the Ruby language, an execution environment, important documentation, and more.
## Package Parameters
- `/InstallDir` - Ruby installation directory, by default `c:\tools\RubyXY` where XY are major and minor version parts.
- `/NoPath` - Do not add ruby bin folder to machine PATH.
Example: `choco install ruby --package-parameters="'/NoPath ""/InstallDir:C:\your\install\path""'"`
## Notes
- To install ruby development kit ruby installer provides `ridk` command. It provides an easy way to install msys2 via `ridk install 1`, however, the installation is interactive. To accomplish unattended install, use [msys2](https://chocolatey.org/packages/msys2) package.