Published
Last updated
4.3
CVSS V3
REXML denial of service vulnerability
The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as <
, 0
and %>
.
If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.
The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities.
Don't parse untrusted XMLs.