Project

General

Profile

Actions

Bug #20516

closed

The version of rexml in ruby 3.3.2 has not been updated since 3.2.6.

Added by naitoh (Jun NAITOH) 6 months ago. Updated 5 months ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 3.3.2 (2024-05-30 revision e5a195edf6) [arm64-darwin22]
[ruby-core:118128]

Description

The version of rexml in ruby 3.3.2 has not been updated since 3.2.6.
This is still a DoS vulnerable version.

https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/

$ ruby -v
ruby 3.3.2 (2024-05-30 revision e5a195edf6) [arm64-darwin22]
$ gem list rexml

*** LOCAL GEMS ***

rexml (3.2.6)
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0