DoS vulnerabilities in REXML

Low
kou published GHSA-r55c-59qm-vjw6 Aug 1, 2024

Package

bundler rexml (RubyGems)

Affected versions

< 3.3.3

Patched versions

3.3.3

Description

Impact

The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML document that contains many occurrences of specific characters, such as whitespace characters, `>]` and `]>`.

If you need to parse untrusted XML documents, you may be affected by these vulnerabilities.

Patches

The REXML gem 3.3.3 or later includes the patches that fix these vulnerabilities.

Workarounds

Don't parse untrusted XML documents.
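Where untrusted XML cannot simply be refused, a gate in front of the parser is a practical fallback. The following is an added example, not code from the advisory or the rexml project: it checks the rexml version against the patched release named above and applies a budget to the input features the advisory names (long whitespace runs, repeated `>]` / `]>` sequences) before REXML sees the document. The threshold values and helper names are assumptions chosen for illustration.

```ruby
# Added example (not part of the advisory or the rexml gem).
# Gate untrusted XML before it reaches REXML: require a patched rexml and
# refuse documents that exceed a budget on the expensive inputs named in
# the advisory. Thresholds and method names below are assumptions.
require "rubygems"

PATCHED_REXML = Gem::Version.new("3.3.3") # patched version from the advisory

# True when the given rexml version string carries the fix.
def rexml_patched?(version_string)
  Gem::Version.new(version_string) >= PATCHED_REXML
end

# Measure the input features the advisory names as costly and decide whether
# the document stays within budget. Limits are illustrative assumptions.
def xml_budget_report(xml, max_ws_run: 1_000, max_bracket_seqs: 1_000, max_bytes: 1_000_000)
  longest_ws = xml.scan(/\s+/).map(&:length).max || 0  # longest whitespace run
  bracket_seqs = xml.scan(/>\]|\]>/).length              # count of ">]" and "]>"
  {
    bytes: xml.bytesize,
    longest_ws_run: longest_ws,
    bracket_seqs: bracket_seqs,
    reject: xml.bytesize > max_bytes ||
            longest_ws > max_ws_run ||
            bracket_seqs > max_bracket_seqs
  }
end

# Parse only with a patched rexml and only when the document is within budget.
# rexml is required lazily so the guard functions above have no gem dependency.
def parse_untrusted_xml(xml, rexml_version: nil)
  require "rexml/document"
  version = rexml_version || REXML::VERSION
  unless rexml_patched?(version)
    raise "rexml #{version} is affected by CVE-2024-41123; upgrade to 3.3.3 or later"
  end
  report = xml_budget_report(xml)
  raise "refusing XML outside parse budget: #{report}" if report[:reject]
  REXML::Document.new(xml)
end
```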

References

Severity

Low

CVE ID

CVE-2024-41123

Weaknesses

No CWEs