There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.

Details

When it parses an XML that has many specific characters such as <, 0 and %>, REXML gem may take a long time.

Please update REXML gem to version 3.3.2 or later.

Affected versions

REXML gem 3.3.2 or prior
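
A check for the upgrade advice above, as an added example that is not part of the original report or of the REXML project: it reads a Gemfile.lock and flags any pinned REXML release older than 3.3.2, the version the report says to update to. The function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# Fixed release, taken from the "update to version 3.3.2 or later" sentence above.
FIXED_REXML = Gem::Version.new("3.3.2")

# Constructed sample Gemfile.lock content (not from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.16.6)
        racc (~> 1.4)
      rexml (3.2.8)
        strscan (>= 3.0.9)
      rss (0.3.0)
        rexml

  PLATFORMS
    ruby

  DEPENDENCIES
    rexml
    rss
LOCK

# Return the REXML versions pinned in a Gemfile.lock body.
# Resolved gems sit at four spaces of indent under "specs:" as "name (version)";
# dependency constraints are indented six spaces and are ignored here.
def locked_rexml_versions(lock_text)
  lock_text.each_line.filter_map do |line|
    m = line.match(/\A {4}rexml \(([^)\s]+)\)\s*\z/)
    Gem::Version.new(m[1]) if m
  end
end

# True when the lockfile pins a REXML release older than the fixed one.
def needs_rexml_upgrade?(lock_text)
  locked_rexml_versions(lock_text).any? { |v| v < FIXED_REXML }
end

if __FILE__ == $PROGRAM_NAME
  # Pass a Gemfile.lock path as the first argument, or run on the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  locked_rexml_versions(text).each do |v|
    puts "rexml #{v}: #{v < FIXED_REXML ? "upgrade to >= #{FIXED_REXML}" : 'ok'}"
  end
end
```

A gem that is only a transitive dependency (here pulled in by `rss`) is still caught, because the lockfile lists every resolved gem under `specs:`.
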
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3a5d544965987cbe350279c2a5398308c518610

commit d3a5d544965987cbe350279c2a5398308c518610
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2024-07-16 04:15:20 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-07-16 04:15:47 +0000

    dev-ruby/rexml: add 3.3.2

    Bug: https://bugs.gentoo.org/936133
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 dev-ruby/rexml/Manifest           |  1 +
 dev-ruby/rexml/rexml-3.3.2.ebuild | 40 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a016c2eb975bae51ce405dd58aad7ef41242dedc

commit a016c2eb975bae51ce405dd58aad7ef41242dedc
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2024-10-13 06:38:08 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-10-13 06:38:22 +0000

    dev-ruby/rexml: drop 3.2.8, 3.3.4, 3.3.5

    Bug: https://bugs.gentoo.org/937114
    Bug: https://bugs.gentoo.org/936133
    Bug: https://bugs.gentoo.org/938298
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 dev-ruby/rexml/Manifest           |  3 ---
 dev-ruby/rexml/rexml-3.2.8.ebuild | 40 ---------------------------------------
 dev-ruby/rexml/rexml-3.3.4.ebuild | 40 ---------------------------------------
 dev-ruby/rexml/rexml-3.3.5.ebuild | 40 ---------------------------------------
 4 files changed, 123 deletions(-)