Directory Security Advisories

Security Advisories

CGA-m89m-48x8-362j

Published

Last updated

https://images.chainguard.dev/security/CGA-m89m-48x8-362j

Package

ruby3.2-rexml

Latest Update

Fixed

Fixed Version

3.3.2-r0

Aliases

Severity

4.3

Medium

CVSS V3

Summary

REXML denial of service vulnerability

Description

Impact

The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as <, 0 and %>.

If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.

Patches

The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities.

Workarounds

Don't parse untrusted XMLs.

References

https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh : This is a similar vulnerability
https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

© 2024 Chainguard. All Rights Reserved.

Product

Chainguard Images

Why Chainguard

Container Image Security Vulnerability Remediation Compliance and Risk Mitigation Software Supply Chain Security AI/ML Security

Customers

Customer Stories Chainguard Love

Company

About Us Open Source Careers Newsroom Legal

Resources

Unchained Blog Research Events Trust Center Documentation