Snyk Medium vulnerability: rexml - Uncontrolled Resource Consumption ('Resouce Exhaustion') #398
Assignees
Labels
I & A
Used for ESDIS I&A Sprint Review
Comments
hbparache
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Introduced through
[email protected] and [email protected]
Fixed in
[email protected]
Exploit maturity
Proof of Concept
Show less detail
Detailed paths
Introduced through: project@* › [email protected] › [email protected]
Fix: No remediation path available.
Introduced through: project@* › [email protected] › [email protected] › [email protected]
Fix: No remediation path available.
Security information
Factors contributing to the scoring:
Snyk: CVSS v4.0 6.9 - Medium Severity | CVSS v3.1 5.3 - Medium Severity
NVD: CVSS v3.1 7.5 - High Severity
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
rexml is an An XML toolkit for Ruby.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the SAX2 or pull parser API. An attacker can cause the application to consume excessive resources leading to a denial of service by submitting specially crafted XML documents that exploit entity expansions.
The text was updated successfully, but these errors were encountered: