You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Affected versions of this package are vulnerable to Improper Restriction of XML External Entity Reference ('XXE') via tree parser APIs like REXML::Document.new function. An attacker can cause the application to consume excessive resources by submitting specially crafted XML documents with many deep elements that have the same local name attributes.
Note:
This is only exploitable if a tree parser API is used to parse untrusted XMLs.
The text was updated successfully, but these errors were encountered:
Introduced through
[email protected] and [email protected]
Fixed in
[email protected]
Exploit maturity
No known exploit
Show less detail
Detailed paths
Introduced through: project@* › [email protected] › [email protected]
Fix: No remediation path available.
Introduced through: project@* › [email protected] › [email protected] › [email protected]
Fix: No remediation path available.
Security information
Factors contributing to the scoring:
Snyk: CVSS v4.0 8.2 - High Severity | CVSS v3.1 5.9 - Medium Severity
NVD: Not available. NVD has not yet published its analysis.
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
rexml is an An XML toolkit for Ruby.
Affected versions of this package are vulnerable to Improper Restriction of XML External Entity Reference ('XXE') via tree parser APIs like REXML::Document.new function. An attacker can cause the application to consume excessive resources by submitting specially crafted XML documents with many deep elements that have the same local name attributes.
Note:
This is only exploitable if a tree parser API is used to parse untrusted XMLs.
The text was updated successfully, but these errors were encountered: