CVE-2021-28965

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.10 % (44^th)

Affected Products 3

Advisories 27

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-04-21 07:15:07
(3 years ago)
Updated Date: 2023-11-07 03:32:25
(10 months ago)

Affected Products

Fedoraproject

Fedora

Ruby-lang

Rexml
Ruby

Configuration #1

	CPE23	From	Up To
Ruby-lang Rexml for Ruby prior 3.2.5 version	cpe:2.3:a:ruby-lang:rexml::::::ruby		< 3.2.5
Ruby-lang Ruby prior 2.6.7 version	cpe:2.3:a:ruby-lang:ruby		< 2.6.7
Ruby-lang Ruby from 2.7.0 version and prior 2.7.3 version	cpe:2.3:a:ruby-lang:ruby	>= 2.7.0	< 2.7.3
Ruby-lang Ruby from 3.0.0 version and prior 3.0.1 version	cpe:2.3:a:ruby-lang:ruby	>= 3.0.0	< 3.0.1

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 34	cpe:2.3:o:fedoraproject:fedora:34