bundle-audit-results/bundle-audit.json


			
				
				
					
						
						
						
							
							
							{"version":"0.9.2","created_at":"2025-09-19 11:58:35 +0200","results":[{"type":"unpatched_gem","gem":{"name":"rexml","version":"3.4.1"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rexml/CVE-2025-58767.yml","id":"CVE-2025-58767","url":"https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5","title":"REXML has DoS condition when parsing malformed XML file","date":"2025-09-17","description":"### Impact\n\nThe REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when\nparsing XML containing multiple XML declarations. If you need to\nparse untrusted XMLs, you may be impacted to these vulnerabilities.\n\n### Patches\n\nREXML gems 3.4.2 or later include the patches to fix these vulnerabilities.\n\n### Workarounds\n\nDon't parse untrusted XMLs.\n\n### References\n\n* https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767\n  - An announcement on www.ruby-lang.org\n","cvss_v2":null,"cvss_v3":null,"cve":"2025-58767","osvdb":null,"ghsa":"c2f4-jgmc-q2r5","unaffected_versions":["< 3.3.3"],"patched_versions":[">= 3.4.2"],"criticality":null}}]}
						
						
					
				
				
					
					View Git Blame
					Copy Permalink