- Severity: medium (new)
- Vulnerable module: rexml
- Introduced through: jekyll@4.3.1, jekyll-bulma@0.8.1 and others
Detailed paths
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jekyll@4.3.1 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jekyll@4.3.1.
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jekyll@4.3.1 › kramdown-parser-gfm@1.1.0 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jekyll@4.3.1.
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jekyll-bulma@0.8.1 › jekyll@4.3.1 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jekyll-bulma@0.8.1.
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jekyll-github-metadata@2.14.0 › jekyll@4.3.1 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jekyll-github-metadata@2.14.0.
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jekyll-seo-tag@2.8.0 › jekyll@4.3.1 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jekyll-seo-tag@2.8.0.
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jekyll-sitemap@1.4.0 › jekyll@4.3.1 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jekyll-sitemap@1.4.0.
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jemoji@0.13.0 › jekyll@4.3.1 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jemoji@0.13.0.
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jekyll-bulma@0.8.1 › jekyll@4.3.1 › kramdown-parser-gfm@1.1.0 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jekyll-bulma@0.8.1.
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jekyll-github-metadata@2.14.0 › jekyll@4.3.1 › kramdown-parser-gfm@1.1.0 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jekyll-github-metadata@2.14.0.
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jekyll-seo-tag@2.8.0 › jekyll@4.3.1 › kramdown-parser-gfm@1.1.0 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jekyll-seo-tag@2.8.0.
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jekyll-sitemap@1.4.0 › jekyll@4.3.1 › kramdown-parser-gfm@1.1.0 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jekyll-sitemap@1.4.0.
- Introduced through: MichaelCurrin/my-github-projects:Gemfile.lock@MichaelCurrin/my-github-projects#e827df84c503b0c6e1f2478ce1ef00712490c84e › jemoji@0.13.0 › jekyll@4.3.1 › kramdown-parser-gfm@1.1.0 › kramdown@2.4.0 › rexml@3.2.5. Remediation: Upgrade to jemoji@0.13.0.
Overview
rexml is an XML toolkit for Ruby.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption when parsing an XML document that contains many '<' characters in an attribute value. An attacker can cause a denial of service by exploiting this behavior.
Workaround
This vulnerability can be mitigated by not parsing untrusted XML input.
Remediation
Upgrade rexml to version 3.2.7 or higher.