rexml-3.3.9.gem: 1 vulnerabilities (highest severity is: 5.3)

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Library - rexml-3.3.9.gem</summary>

An XML toolkit for Ruby
Library home page: <a href="https://rubygems.org/gems/rexml-3.3.9.gem">https://rubygems.org/gems/rexml-3.3.9.gem</a>
Path to dependency file: /docs/Gemfile.lock
Path to vulnerable library: /docs/Gemfile.lock



Found in HEAD commit: <a href="https://github.com/GHE-self-hosted/spark/commit/eb4a123ac71f425039cbf2b066115e480b3e6cc6">eb4a123ac71f425039cbf2b066115e480b3e6cc6</a></details>

## Vulnerabilities

| Vulnerability | Severity | <img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS | Dependency | Type | Fixed in (rexml version) | Remediation Possible** |
| ------------- | ------------- | ----- | ----- | ----- | ------------- | --- |
| [CVE-2025-58767](https://www.mend.io/vulnerability-database/CVE-2025-58767) | <img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20> Medium | 5.3 | rexml-3.3.9.gem | Direct | https://github.com/ruby/rexml.git - v3.4.2 | &#9989; |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

## Details

<details>

<summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20> CVE-2025-58767</summary>


### Vulnerable Library - rexml-3.3.9.gem

An XML toolkit for Ruby
Library home page: <a href="https://rubygems.org/gems/rexml-3.3.9.gem">https://rubygems.org/gems/rexml-3.3.9.gem</a>
Path to dependency file: /docs/Gemfile.lock
Path to vulnerable library: /docs/Gemfile.lock


Dependency Hierarchy:
 - :x: **rexml-3.3.9.gem** (Vulnerable Library)
Found in HEAD commit: <a href="https://github.com/GHE-self-hosted/spark/commit/eb4a123ac71f425039cbf2b066115e480b3e6cc6">eb4a123ac71f425039cbf2b066115e480b3e6cc6</a>
Found in base branch: master




### Vulnerability Details
 
 
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.

Publish Date: 2025-09-17
URL: <a href=https://www.mend.io/vulnerability-database/CVE-2025-58767>CVE-2025-58767</a>




### CVSS 3 Score Details (5.3)


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Network
 - Attack Complexity: Low
 - Privileges Required: None
 - User Interaction: None
 - Scope: Unchanged
- Impact Metrics:
 - Confidentiality Impact: None
 - Integrity Impact: None
 - Availability Impact: Low

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.




### Suggested Fix


Type: Upgrade version
Origin: <a href="https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5">https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5</a>
Release Date: 2025-09-17
Fix Resolution: https://github.com/ruby/rexml.git - v3.4.2






:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
</details>

***

:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

rexml-3.3.9.gem: 1 vulnerabilities (highest severity is: 5.3) #35

Vulnerabilities

Details

Vulnerable Library - rexml-3.3.9.gem

Vulnerability Details

CVSS 3 Score Details (5.3)

Suggested Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

rexml-3.3.9.gem: 1 vulnerabilities (highest severity is: 5.3) #35

Description

Vulnerabilities

Details

Vulnerable Library - rexml-3.3.9.gem

Vulnerability Details

CVSS 3 Score Details (5.3)

Suggested Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions