发布时间: 2024年7月12日
修改时间: 2024年10月9日
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don t parse untrusted XMLs.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | |
| Attack Vector | Network | |
| CVSS评分 | N/A | 5.3 |
| Attack Complexity | Low | |
| Privileges Required | None | |
| Scope | Unchanged | |
| Integrity | None | |
| User Interaction | None | |
| Availability | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3655 | ruby security update | 2025年2月5日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | ruby | Fixed |
| KY3.5.2 | ruby | Fixed |
| KY3.5.3 | ruby | Fixed |
| V6 | ruby | Fixed |
