CVE-2024-39908: DoS vulnerability in REXML

Posted by watson1978 on 16 Jul 2024

There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.

Details

When it parses an XML that has many specific characters such as <, 0 and %>. REXML gem may take long time.

Please update REXML gem to version 3.3.2 or later.

Affected versions

  • REXML gem 3.3.1 or prior

Credits

Thanks to mprogrammer for discovering this issue.

History

  • Originally published at 2024-07-16 03:00:00 (UTC)