
ruby -- XML round-trip vulnerability in REXML

Description

Juho Nurminen reports: When parsing and serializing a crafted XML document, REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is different from the original one. The impact of this issue highly depends on context, but it may lead to a vulnerability in some programs that are using REXML.
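A program that parses XML with REXML and then re-serializes it can guard against this class of problem by confirming that the serialized output parses back to the same structure. The following is an added example, not code from the advisory or from REXML. The helper names `walk`, `structure_of` and `round_trip_stable?` are hypothetical, and `SAMPLE` is a constructed, benign document.

```ruby
require 'rexml/document'

# Append a comparable description of +node+ and its descendants to +out+.
def walk(node, path, out)
  case node
  when REXML::DocType
    out << [:doctype, node.name, node.external_id]
  when REXML::Element # REXML::Document is an Element subclass too
    here = node.is_a?(REXML::Document) ? '' : "#{path}/#{node.expanded_name}"
    attrs = []
    node.attributes.each_attribute { |a| attrs << [a.expanded_name, a.value] }
    out << [:element, here, attrs.sort]
    node.children.each { |child| walk(child, here, out) }
  when REXML::Comment
    out << [:comment, path, node.string]
  when REXML::Instruction
    out << [:pi, path, node.target, node.content]
  when REXML::Text # includes CData; whitespace-only text is ignored
    out << [:text, path, node.value] unless node.value.strip.empty?
  end
  out
end

# Structural fingerprint of a parsed document (hypothetical helper).
def structure_of(doc)
  walk(doc, '', [])
end

# True only if parse -> serialize -> parse yields the same structure.
# Input that fails to parse at either step is treated as unstable.
def round_trip_stable?(xml)
  first = REXML::Document.new(xml)
  second = REXML::Document.new(first.to_s)
  structure_of(first) == structure_of(second)
rescue REXML::ParseException
  false
end

# Constructed sample input, not taken from the advisory.
SAMPLE = '<!DOCTYPE note><note id="1"><!-- c --><to>Bob</to><?render fast?></note>'

puts round_trip_stable?(SAMPLE) if $PROGRAM_NAME == __FILE__
```

Rejecting input for which `round_trip_stable?` returns false keeps a document whose serialized form differs structurally from what was parsed from reaching downstream consumers.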


Affected Package


| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| FreeBSD | any | ruby | 2.5.0,1 |
| FreeBSD | any | ruby | 2.5.9,1 |
| FreeBSD | any | rubygem-rexml | 3.2.5 |

Related