First published: Thu May 16 2024(Updated: )
### Impact The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many `<`s in an attribute value. If you need to parse untrusted XMLs, you many be impacted to this vulnerability. ### Patches The REXML gem 3.2.7 or later include the patch to fix this vulnerability. ### Workarounds Don't parse untrusted XMLs. ### References * https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/
Affected Software | Affected Version | How to fix |
---|---|---|
rubygems/rexml | <3.2.7 | 3.2.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.