Updated advisory posts against rubysec/ruby-advisory-db@74cb95f

jasnow · RubySec CI · commit 99b44b9e9d20 · 2024-08-01T16:49:45.000Z
diff --git a/advisories/_posts/2024-08-01-CVE-2024-41123.md b/advisories/_posts/2024-08-01-CVE-2024-41123.md
@@ -0,0 +1,41 @@
+---
+layout: advisory
+title: 'CVE-2024-41123 (rexml): DoS vulnerabilities in REXML'
+comments: false
+categories:
+- rexml
+advisory:
+  gem: rexml
+  cve: 2024-41123
+  url: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
+  title: DoS vulnerabilities in REXML
+  date: 2024-08-01
+  description: |
+    There are some DoS vulnerabilities in REXML gem.
+    These vulnerabilities have been assigned the CVE identifier
+    CVE-2024-41123. We strongly recommend upgrading the REXML gem.
+
+    ## Details
+
+    When parsing an XML document that has many specific characters such
+    as whitespace character, >] and ]>, REXML gem may take long time.
+
+    Please update REXML gem to version 3.3.3 or later.
+
+    ## Affected versions
+
+    * REXML gem 3.3.2 or prior
+
+    ## Credits
+
+    Thanks to mprogrammer and scyoon for discovering these issues.
+
+    ## History
+
+    Originally published at 2024-08-01 03:00:00 (UTC)
+  patched_versions:
+  - ">= 3.3.3"
+  related:
+    url:
+    - https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
+---
diff --git a/advisories/_posts/2024-08-01-CVE-2024-41946.md b/advisories/_posts/2024-08-01-CVE-2024-41946.md
@@ -0,0 +1,41 @@
+---
+layout: advisory
+title: 'CVE-2024-41946 (rexml): DoS vulnerabilities in REXML'
+comments: false
+categories:
+- rexml
+advisory:
+  gem: rexml
+  cve: 2024-41946
+  url: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
+  title: DoS vulnerabilities in REXML
+  date: 2024-08-01
+  description: |
+    There is a DoS vulnerability in REXML gem.
+    This vulnerability has been assigned the CVE identifier
+    CVE-2024-41946. We strongly recommend upgrading the REXML gem.
+
+    ## Details
+
+    When parsing an XML that has many entity expansions with SAX2 or
+    pull parser API, REXML gem may take long time.
+
+    Please update REXML gem to version 3.3.3 or later.
+
+    ## Affected versions
+
+    * REXML gem 3.3.2 or prior
+
+    ## Credits
+
+    Thanks to NAITOH Jun for discovering and fixing this issue.
+
+    ## History
+
+    Originally published at 2024-08-01 03:00:00 (UTC)
+  patched_versions:
+  - ">= 3.3.3"
+  related:
+    url:
+    - https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
+---
