| Summary: | <dev-ruby/rexml-3.2.8: Denial of Service | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hans de Graaff <graaff> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | ruby |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/ | ||
| Whiteboard: | A3 [glsa?] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 932175 | ||
| Bug Blocks: | |||
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=264eccd8dbd24a8b65c27373fcfff40821804cb3 commit 264eccd8dbd24a8b65c27373fcfff40821804cb3 Author: Hans de Graaff <graaff@gentoo.org> AuthorDate: 2024-06-15 06:10:14 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-06-15 06:10:30 +0000 dev-ruby/rexml: drop 3.2.6 Bug: https://bugs.gentoo.org/932013 Signed-off-by: Hans de Graaff <graaff@gentoo.org> dev-ruby/rexml/Manifest | 1 - dev-ruby/rexml/rexml-3.2.6.ebuild | 33 --------------------------------- 2 files changed, 34 deletions(-) |
There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-35176. We strongly recommend upgrading the REXML gem. Details When parsing an XML document that has many < in an attribute value, REXML gem may take long time. Please update REXML gem to version 3.2.7 or later. Affected versions REXML gem 3.2.6 or prior