4 matches found
ROS-20241021-01
A vulnerability in the XML toolkit for Ruby REXML is related to parsing XML containing a large number of characters. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. The Ruby REXML XML toolkit vulnerability is related to parsing XML containing a...
GHSA-VG3R-RM7W-2XGH REXML contains a denial of service vulnerability
Impact: The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many s in an attribute value. If you need to parse untrusted XMLs, you may be impacted by this vulnerability. Patches: The REXML gem 3.2.7 or later includes the patch to fix this vulnerability. Workarounds: Don'...
OSV-2023-196 Global-buffer-overflow in xmlDictLookup
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57110 Crash type: Global-buffer-overflow READ 1 Crash state: xmlDictLookup xmlParseNCName xmlParseQName...
expat security update
An update is available for expat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Expat is a C library for parsing XML documents. Security Fixes: expat: Malforme...