CVE-2024-35176 (rexml): REXML contains a denial of service vulnerability

Ruby Security Advisory

### Impact

The REXML gem before 3.2.6 has a DoS vulnerability when it
parses an XML that has many `<`s in an attribute value. If you need to parse untrusted XMLs, you many be impacted to this vulnerability. ### Patches The REXML gem 3.2.7 or later include the patch to fix this vulnerability. ### Workarounds Don't parse untrusted XMLs. ### References * https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/

READ MORE

Leave a Reply

Your email address will not be published. Required fields are marked *