logstash-jre-bcfips
8.15.0-r0
4.3
CVSS V3
REXML denial of service vulnerability
The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as <
, 0
and %>
.
If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.
The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities.
Don't parse untrusted XMLs.