File tree 1 file changed +44
-0
lines changed
1 file changed +44
-0
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ layout : advisory
3+ title : ' CVE-2024-39908 (rexml): DoS in REXML'
4+ comments : false
5+ categories :
6+ - rexml
7+ advisory :
8+ gem : rexml
9+ cve : 2024-39908
10+ url : https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
11+ title : DoS in REXML
12+ date : 2024-07-16
13+ description : |
14+ There is a DoS vulnerability in REXML gem. This vulnerability has
15+ been assigned the CVE identifier CVE-2024-39908. We strongly
16+ recommend upgrading the REXML gem.
17+
18+ ## Details
19+
20+ When it parses an XML that has many specific characters such as
21+ <, 0 and %>. REXML gem may take long time.
22+
23+ Please update REXML gem to version 3.3.2 or later.
24+
25+ ## Affected versions
26+
27+ REXML gem 3.3.2 or prior
28+
29+ ## Credits
30+
31+ Thanks to mprogrammer for discovering this issue.
32+
33+ ## History
34+
35+ Originally published at 2024-07-16 03:00:00 (UTC)
36+ patched_versions :
37+ - " >= 3.3.2"
38+ related :
39+ ghsa :
40+ - https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
41+ url :
42+ - https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908
43+ - https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
44+ ---
You can’t perform that action at this time.
0 commit comments