[RUBYSEC:REXML-2024-35176] REXML contains a denial of service vulnerability
Severity: Medium
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
Impact
The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML document that has many `<` characters in an attribute value.
If you need to parse untrusted XML, you may be affected by this vulnerability.
Patches
The REXML gem 3.2.7 or later includes the patch that fixes this vulnerability.
Workarounds
Don't parse untrusted XML.
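An added version gate that encodes the advisory's affected and fixed ranges for pkg:gem/rexml and refuses untrusted input on an affected REXML. This is example code, not part of the advisory or the rexml project; `parse_untrusted_xml` and its `parser:` hook are hypothetical names chosen here.

```ruby
require "rubygems"

# Affected and fixed ranges exactly as stated in RUBYSEC:REXML-2024-35176.
AFFECTED_REXML = Gem::Requirement.new("< 3.2.7")
FIXED_REXML    = Gem::Requirement.new(">= 3.2.7")

# True when the given rexml version string lies in the advisory's affected range.
# Gem::Version handles multi-part and prerelease version strings correctly,
# unlike a plain string comparison ("3.10.0" < "3.2.7" would be wrong).
def rexml_affected?(version)
  AFFECTED_REXML.satisfied_by?(Gem::Version.new(version))
end

# Gate for untrusted XML: parse only when the loaded REXML carries the fix.
# `version:` defaults to the loaded REXML::VERSION; `parser:` is a hypothetical
# injection point (defaults to REXML::Document.new) so the gate can be tested
# without depending on a specific installed rexml.
def parse_untrusted_xml(xml, version: nil, parser: nil)
  version ||= begin
    require "rexml/rexml"
    REXML::VERSION
  end
  if rexml_affected?(version)
    raise "refusing to parse untrusted XML: rexml #{version} is affected by " \
          "RUBYSEC:REXML-2024-35176 (fixed in #{FIXED_REXML})"
  end
  parser ||= lambda do |src|
    require "rexml/document"
    REXML::Document.new(src)
  end
  parser.call(xml)
end
```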
References
Package | Affected Version |
---|---|
pkg:gem/rexml | < 3.2.7 |
Package | Fixed Version |
---|---|
pkg:gem/rexml | >= 3.2.7 |
- ID: RUBYSEC:REXML-2024-35176
- Severity: medium
- URL: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
- Published: 2024-05-16T00:00:00
- Modified: 2024-05-16T20:19:21
- Rights: RubySec Security Team