Security Advisories

CGA-2583-v855-mmq2

Published

Last updated

Package

ruby3.2-rexml

Latest Update

Fixed

Fixed Version

3.2.8-r0

Aliases

Severity

5.3

Medium

CVSS V3

REXML contains a denial of service vulnerability

The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many <s in an attribute value.

If you need to parse untrusted XMLs, you may be impacted to this vulnerability.

The REXML gem 3.2.7 or later include the patch to fix this vulnerability.

Don't parse untrusted XMLs.

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.