22 matches found
REXML: DoS parsing an XML with many `<`s in an attribute value
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview: rexml is an XML toolkit for Ruby. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when parsing an XML that has many `<`s in an attribute value. An attacker can cause a denial of service by exploiting this behavior. Workaround: Th...