Skip to content

Commit 92ea9b2

Browse files
kouhsbt
kou
authored and
hsbt
committed
Add CVE-2024-43398: DoS vulnerability in REXML
1 parent 6ae1fa7 commit 92ea9b2

File tree

1 file changed

+31
-0
lines changed

1 file changed

+31
-0
lines changed

en/news/_posts/2024-08-22-dos-rexml-cve-2024-43398.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
---
2+
layout: news_post
3+
title: "CVE-2024-43398: DoS vulnerability in REXML"
4+
author: "kou"
5+
translator:
6+
date: 2024-08-22 03:00:00 +0000
7+
tags: security
8+
lang: en
9+
---
10+
11+
There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier [CVE-2024-43398](https://www.cve.org/CVERecord?id=CVE-2024-43398). We strongly recommend upgrading the REXML gem.
12+
13+
## Details
14+
15+
When parsing an XML that has many deep elements that have same local name attributes.
16+
17+
It's only affected with the tree parser API. If you're using `REXML::Document.new` to parse an XML, you may be affected.
18+
19+
Please update REXML gem to version 3.3.6 or later.
20+
21+
## Affected versions
22+
23+
* REXML gem 3.3.5 or prior
24+
25+
## Credits
26+
27+
Thanks to [l33thaxor](https://hackerone.com/l33thaxor) for discovering this issue.
28+
29+
## History
30+
31+
* Originally published at 2024-08-22 03:00:00 (UTC)

0 commit comments

Comments
 (0)