Selected versions of Rails 2, 3 & 4 are vulnerable to denial of service attacks via XML. Upgrading to newer versions of Rails can help fix this issue.
XML documents with large document depth can cause applications to raise a
SystemStackError and potentially cause a denial of service attack.
This only impacts applications using REXML or JDOM as their XML processor. Other XML processors that Rails supports are not impacted.