Vulnerabilities: 1 via 1 paths

Dependencies: 39

Source: GitHub

Commit: 209443f9

low severity

Improper Input Validation

  • Vulnerable module: rexml
  • Introduced through: rubocop@1.7.0

Detailed paths

  • Introduced through: naokikimura/phc_string_format:Gemfile.lock@naokikimura/phc_string_format#209443f9645358084b26ee4a90c461c56ac5e12d rubocop@1.7.0 rexml@3.2.4
    Remediation: Upgrade to rubocop@1.7.0.

Overview

rexml is an XML toolkit for Ruby.

Affected versions of this package are vulnerable to Improper Input Validation. When parsing and serializing a crafted XML document, the REXML gem (including the one bundled with Ruby) can produce an incorrect XML document whose structure differs from the original. The impact of this issue depends heavily on context, but it may lead to a vulnerability in some programs that use REXML.

Remediation

Upgrade rexml to version 3.2.5 or higher.
