CVE-2024-39908

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-39908

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39908.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-39908

Aliases

Related

Published

2024-07-16T18:15:08Z

Modified

2024-08-02T01:56:43.349882Z

Summary

[none]

Details

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as <, 0 and %>. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.

References

Affected packages

Git / github.com/ruby/rexml

Affected ranges

Type: GIT
Repo: https://github.com/ruby/rexml
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

20017eea807e8fa386aa5c79ae779004d8b366dd

Affected versions

v3.*

v3.1.8

v3.1.9

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3.0