OSV:USN-4922-1
Apr 20, 2021 - 5:01 p.m.

ruby2.3, ruby2.5, ruby2.7 vulnerability

2021-04-20 17:01:53
Google
osv.dev

AI Score: 7.6 (Confidence: High)

EPSS: 0.001 (Percentile: 43.0%)

Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly
parsed and serialized XML documents. A remote attacker could possibly use
this issue to perform an XML round-trip attack.