| Summary | REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings. |
|---|---|
| Publication Date | July 17, 2024, 3:15 a.m. |
| Registration Date | July 17, 2024, 10:01 a.m. |
| Last Update | Nov. 21, 2024, 6:28 p.m. |
| Title | Ruby-lang.org の REXML 等複数ベンダの製品におけるリソースの枯渇に関する脆弱性 |
|---|---|
| Summary | Ruby-lang.org の REXML 等複数ベンダの製品には、リソースの枯渇に関する脆弱性が存在します。 |
| Possible impacts | サービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。 |
| Publication Date | July 16, 2024, midnight |
| Registration Date | Sept. 24, 2025, 10:04 a.m. |
| Last Update | Sept. 24, 2025, 10:04 a.m. |
| Ruby-lang.org |
| REXML 3.3.2 未満 |
| NetApp |
| Bootstrap OS |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2025年09月24日] 掲載 |
Sept. 24, 2025, 10:04 a.m. |