2 matches found
GHSA-C2F4-JGMC-Q2R5 REXML has DoS condition when parsing malformed XML file
Impact The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. Patches REXML gems 3.4.2 or later include the patches to fix these vulnerabilities...
Zammad SSO Endpoint Authentication Bypass Vulnerability
Zammad is a Web-based open source helpdesk/customer support system. An SSO endpoint authentication bypass vulnerability exists in Zammad versions prior to 3.4.1. An attacker can exploit this vulnerability by creating a valid authentication session to perform any action in the name of another user...