Описание
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in applications using REXML that parse XML documents, write data back to XML, and re-parse them again.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | ruby | Not affected | ||
| Red Hat Enterprise Linux 6 | ruby | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ruby | Out of support scope | ||
| Red Hat Enterprise Linux 9 | ruby | Not affected | ||
| Red Hat Software Collections | rh-ruby30-ruby | Affected | ||
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2021:2584 | 29.06.2021 |
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2021:2587 | 29.06.2021 |
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2021:2588 | 29.06.2021 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | ruby | Fixed | RHSA-2022:0581 | 21.02.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | ruby | Fixed | RHSA-2022:0582 | 21.02.2022 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, a ...
7.5 High
CVSS3