CVE-2024-35176: DoS in REXML


There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-35176. We strongly recommend upgrading the REXML gem.

Details

When parsing an XML document that has many < characters in an attribute value, the REXML gem may take a long time.

Please update the REXML gem to version 3.2.7 or later.

Affected versions

  • REXML gem 3.2.6 or prior
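
To check a project against the affected range above, the following added example (not part of the original advisory or of the REXML project) reads a Gemfile.lock and reports whether the locked rexml version is older than 3.2.7. The function names and the sample lockfile are constructed for illustration; it assumes the standard Bundler lockfile layout.

```ruby
require "rubygems" # Gem::Version

# First release containing the fix, per the advisory.
FIXED_REXML = Gem::Version.new("3.2.7")

# Constructed sample lockfile (not taken from a real project).
CONSTRUCTED_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rexml (3.2.6)
      rss (0.3.0)
        rexml
LOCK

# Return every rexml version resolved in a Gemfile.lock.
# Resolved gems are indented four spaces as "name (version)"; dependency
# lines such as "rexml (>= 3.2.5)" are indented six spaces and are skipped.
def locked_rexml_versions(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = line.match(/\A {4}rexml \(([^)\s]+)\)\s*\z/)
    next unless m && Gem::Version.correct?(m[1])
    Gem::Version.new(m[1])
  end
end

# :affected   -> at least one locked rexml is 3.2.6 or prior
# :fixed      -> every locked rexml is 3.2.7 or later
# :not_locked -> rexml is absent from the lockfile; a copy installed
#                outside Bundler may still be loaded, so check that too
def rexml_status(lockfile_text)
  versions = locked_rexml_versions(lockfile_text)
  return :not_locked if versions.empty?
  # Gem::Version compares segment by segment, so 3.10.0 sorts after 3.2.7
  # (a plain string comparison would get that wrong).
  versions.any? { |v| v < FIXED_REXML } ? :affected : :fixed
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : CONSTRUCTED_LOCK
  puts "rexml: #{rexml_status(text)}"
end
```

Run it with the path to a Gemfile.lock as the only argument; without an argument it evaluates the constructed sample.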

Credits

Thanks to mprogrammer for discovering this issue.

History

  • Originally published at 2024-05-16 05:00:00 (UTC)

Posted by kou on 16 May 2024
