CVE-2021-28965

Affecting ruby2.3 package, versions *

low severity

NVD Description

Note: Versions mentioned in the description apply to the upstream ruby2.3 package.

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

Remediation

There is no fixed version for Debian:9 ruby2.3.

CVE: CVE-2021-28965
Snyk ID: SNYK-DEBIAN9-RUBY23-1244600
Disclosed: 21 Apr, 2021
Published: 09 Apr, 2021