2 matches found
Astra Linux – Vulnerability in Ruby 2.5
REXML is an XML toolkit for Ruby. The REXML gem prior to version 3.3.9 has a ReDoS vulnerability when it parses an XML document containing many digits between “&” and “x”… in a hexadecimal character reference such as “&…”. This issue does not occur in Ruby 3.2 or later versions. Ruby 3.1 is the...
AZL-51876 CVE-2024-49761 affecting package ruby for versions less than 3.1.4-8
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...