logo
DATABASE RESOURCES PRICING ABOUT US

FreeBSD : ruby -- XML round-trip vulnerability in REXML (dec7e4b6-961a-11eb-9c34-080027f515ea)

Description

Juho Nurminen reports : When parsing and serializing a crafted XML document, REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is different from the original one. The impact of this issue highly depends on context, but it may lead to a vulnerability in some programs that are using REXML.


Related