Vulnerabilities: 1 (via 2 paths)
Dependencies: 10
Source: GitHub
Commit: 3dece1c1


medium severity

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

  • Vulnerable module: rexml
  • Introduced through: mdl@0.11.0

Detailed paths

  • Introduced through: raimon49/my-portfolio#3dece1c12b537df5f8f77d16c5bd7761fb33e9d2 > mdl@0.11.0 > kramdown@2.3.1 > rexml@3.3.9
    Remediation: the listed upgrade target, mdl@0.11.0, is the version already present in this path, so it does not change the resolved rexml; the fix is a rexml version of 3.4.2 or higher (see Remediation below).
  • Introduced through: raimon49/my-portfolio#3dece1c12b537df5f8f77d16c5bd7761fb33e9d2 > mdl@0.11.0 > kramdown-parser-gfm@1.1.0 > kramdown@2.3.1 > rexml@3.3.9
    Remediation: as above, mdl@0.11.0 is already the version in use; the rexml in this path must be upgraded to 3.4.2 or higher.

Overview

rexml is an XML toolkit for Ruby.

Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') because the parser does not adequately bound the work done while processing a document. An attacker who can supply XML to an application that parses it with rexml can cause excessive CPU and memory consumption and disrupt service availability by submitting a specially crafted file containing multiple XML declarations. Note that rexml is reached here only transitively (mdl -> kramdown -> rexml), so any application that feeds untrusted Markdown or XML through this dependency chain is in scope.
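The CWE named above is the classic entity-expansion ("billion laughs") class. The following is an added example, not code from Snyk, the rexml project, or the raimon49/my-portfolio repository: it shows the two caps that REXML exposes (REXML::Security.entity_expansion_limit and entity_expansion_text_limit) stopping a constructed expansion bomb while a benign document with one internal entity still parses. The documents, the helper name parse_with_limits and its keyword defaults are all assumptions chosen for the demonstration. These limits bound entity expansion only; they do not address the multiple-XML-declaration trigger this advisory describes, which is fixed by upgrading rexml.

```ruby
require "rexml/document"
require "rexml/security"

# Constructed test input: five nesting levels of ten references each, so a
# single "&a;" would expand to 100_000 copies of "lol" if nothing stopped it.
EXPANSION_BOMB = <<~XML
<?xml version="1.0"?>
<!DOCTYPE bomb [
  <!ENTITY e "lol">
  <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">
  <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">
  <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
  <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]>
<bomb>&a;</bomb>
XML

# Constructed benign input: one internal entity, expanded once.
BENIGN = <<~XML
<?xml version="1.0"?>
<!DOCTYPE note [ <!ENTITY who "world"> ]>
<note>hello &who;</note>
XML

# Parse a document under explicit expansion caps (hypothetical helper).
# REXML expands internal entities lazily, when the text value is read, so the
# caps are enforced on doc.root.text, not on REXML::Document.new.
# Returns {ok: true, text:, expansions:} or {ok: false, error:}.
def parse_with_limits(xml, expansions: 1_000, text_bytes: 10_240)
  saved = [REXML::Security.entity_expansion_limit,
           REXML::Security.entity_expansion_text_limit]
  # Maximum number of entity references expanded per document.
  REXML::Security.entity_expansion_limit = expansions
  # Maximum number of bytes an expanded text node may grow to.
  REXML::Security.entity_expansion_text_limit = text_bytes

  doc = REXML::Document.new(xml)
  text = doc.root.text
  { ok: true, text: text, expansions: doc.entity_expansion_count }
rescue RuntimeError => e
  # REXML aborts with a RuntimeError ("number of entity expansions exceeded"
  # or "entity expansion has grown too large"); ParseException is a subclass.
  { ok: false, error: e.message }
ensure
  # The caps are process-wide, so restore whatever was set before.
  REXML::Security.entity_expansion_limit,
  REXML::Security.entity_expansion_text_limit = saved
end

if __FILE__ == $PROGRAM_NAME
  p parse_with_limits(BENIGN)
  p parse_with_limits(EXPANSION_BOMB)
end
```

Because the caps are global module state, set them once at application start rather than per call in production; the save/restore here only keeps the example side-effect free.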

Remediation

Upgrade rexml to version 3.4.2 or higher. Because rexml is pulled in transitively through kramdown rather than declared by the project, pin it directly in the Gemfile (for example `gem "rexml", ">= 3.4.2"`) and run `bundle update rexml` so that Gemfile.lock resolves to a fixed version; then re-check that both paths above now resolve to rexml 3.4.2 or later.
