Description
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | ruby | Fix deferred | | |
Red Hat Enterprise Linux 6 | ruby | Out of support scope | | |
Red Hat Enterprise Linux 7 | ruby | Fix deferred | | |
Red Hat Enterprise Linux 8 | ruby:3.1/ruby | Fix deferred | | |
Red Hat Enterprise Linux 8 | ruby:3.3/ruby | Fix deferred | | |
Red Hat Enterprise Linux 9 | pcs | Fix deferred | | |
Red Hat Enterprise Linux 9 | ruby | Fix deferred | | |
Red Hat Enterprise Linux 9 | ruby:3.1/ruby | Fix deferred | | |
Red Hat Enterprise Linux 9 | ruby:3.3/ruby | Fix deferred | | |
Red Hat Storage 3 | ruby | Affected | | |
Additional information
Status:
EPSS
CVSS3: 5.3 Medium
Related vulnerabilities
REXML contains a denial of service vulnerability