Severity: medium (new)
- Vulnerable module: rexml
- Introduced through: aemo@0.6.0, rubocop@1.59.0 and others
Detailed paths
- Introduced through: jufemaiz/aemo@jufemaiz/aemo#eff488b25fe1f29e9bb5d15126cc81b6304cb408 › aemo@0.6.0 › rexml@3.2.6
  Remediation: Upgrade to aemo@0.6.0.
- Introduced through: jufemaiz/aemo@jufemaiz/aemo#eff488b25fe1f29e9bb5d15126cc81b6304cb408 › rubocop@1.59.0 › rexml@3.2.6
  Remediation: Upgrade to rubocop@1.59.0.
- Introduced through: jufemaiz/aemo@jufemaiz/aemo#eff488b25fe1f29e9bb5d15126cc81b6304cb408 › rubocop-minitest@0.34.1 › rubocop@1.59.0 › rexml@3.2.6
  Remediation: Upgrade to rubocop-minitest@0.34.1.
- Introduced through: jufemaiz/aemo@jufemaiz/aemo#eff488b25fe1f29e9bb5d15126cc81b6304cb408 › rubocop-rspec@2.25.0 › rubocop@1.59.0 › rexml@3.2.6
  Remediation: Upgrade to rubocop-rspec@2.25.0.
- Introduced through: jufemaiz/aemo@jufemaiz/aemo#eff488b25fe1f29e9bb5d15126cc81b6304cb408 › webmock@3.19.1 › crack@0.4.5 › rexml@3.2.6
  Remediation: Upgrade to webmock@3.19.1.
- Introduced through: jufemaiz/aemo@jufemaiz/aemo#eff488b25fe1f29e9bb5d15126cc81b6304cb408 › rubocop-rspec@2.25.0 › rubocop-capybara@2.19.0 › rubocop@1.59.0 › rexml@3.2.6
  Remediation: Upgrade to rubocop-rspec@2.25.0.
- Introduced through: jufemaiz/aemo@jufemaiz/aemo#eff488b25fe1f29e9bb5d15126cc81b6304cb408 › rubocop-rspec@2.25.0 › rubocop-factory_bot@2.24.0 › rubocop@1.59.0 › rexml@3.2.6
  Remediation: Upgrade to rubocop-rspec@2.25.0.
Overview
rexml is an XML toolkit for Ruby.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption when parsing an XML document that contains many '<' characters in an attribute value. An attacker can cause a denial of service by exploiting this behavior.
Workaround
This vulnerability can be mitigated by not parsing untrusted XML documents.
Remediation
Upgrade rexml to version 3.2.7 or higher.