bundle-audit-results/bundle-audit.json


			
				
				
					
						
						
						
							
							
							{"version":"0.9.1","created_at":"2024-07-17 11:27:46 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.2.8"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2024-39908.yml","id":"CVE-2024-39908","url":"https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8","title":"DoS in REXML","date":"2024-07-16","description":"There is a DoS vulnerability in REXML gem. This vulnerability has\nbeen assigned the CVE identifier CVE-2024-39908. We strongly\nrecommend upgrading the REXML gem.\n\n## Details\n\nWhen it parses an XML that has many specific characters such as\n<, 0 and %>. REXML gem may take long time.\n\nPlease update REXML gem to version 3.3.2 or later.\n\n## Affected versions\n\nREXML gem 3.3.2 or prior\n\n## Credits\n\nThanks to mprogrammer for discovering this issue.\n\n## History\n\nOriginally published at 2024-07-16 03:00:00 (UTC)\n","cvss_v2":null,"cvss_v3":null,"cve":"2024-39908","osvdb":null,"ghsa":null,"unaffected_versions":[],"patched_versions":[">= 3.3.2"],"criticality":null}}]}
						
						
					
				
				
					
					View Git Blame
					Copy Permalink