Security Advisories

CGA-gvjv-4f2q-v69c

Published

Last updated

https://images.chainguard.dev/security/CGA-gvjv-4f2q-v69c

Package

kube-fluentd-operator

Latest Update

Fixed

Fixed Version

1.18.2-r14

Aliases

Severity

7.5

High

CVSS V3

Summary

REXML DoS vulnerability

Description

Impact

The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, >] and ]>.

If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.

Patches

The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

Workarounds

Don't parse untrusted XMLs.

References

https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh : This is a similar vulnerability
https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 : This is a similar vulnerability
https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123/: An announce on www.ruby-lang.org

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-gvjv-4f2q-v69c

Severity

Summary

Description

Impact

Patches

Workarounds

References

References

Updates

Product

Why Chainguard

Customers

Company

Resources