Update rexml dependency #1040
Comments
Hey this is affecting the project I am working on since Starscream is a dependency for another package we need. If someone could take a look at this, that would be great! Thanks :)
I'm Andrii from @crowdin, maintainer of the Crowdin iOS SDK - https://github.com/crowdin/mobile-sdk-ios. This SDK depends on Starscream and we received the report about this vulnerability. I was just wondering if it would be possible to fix it soon? We look forward to hearing from you and thank you in advance!
It looks like there is already a pull request to fix this - #1026 UPD. It updates to an older version than we need.
It has been over a month. If someone has seen this thread could you comment so I know someone is looking into fixing this? Thanks!
What do you want to happen?
There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.
What happens now?
When it parses an XML that has many specific characters such as <, 0 and %>, the REXML gem may take a long time.
Please update REXML gem to version 3.3.2 or later.
Demo Code
_
Describe alternatives you've considered
None.
Additional context
Affected versions
REXML gem 3.3.2 or prior
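As an added example (not code from this issue, Starscream, or the REXML project), a small Ruby check that reads a Gemfile.lock and reports whether the resolved rexml version is below the 3.3.2 minimum requested above; the lock-file fragment is constructed for the demonstration.

```ruby
# Added example: flag a Gemfile.lock whose resolved rexml predates the
# CVE-2024-39908 fix (3.3.2 as requested in this issue).
require "rubygems"

# Minimum rexml version this issue asks for.
REXML_MIN_VERSION = Gem::Version.new("3.3.2")

# Constructed sample Gemfile.lock fragment (not a real project's lock file).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      cocoapods (1.15.2)
        rexml (>= 3.2.5, < 4.0)
      rexml (3.2.8)
        strscan (>= 3.0.9)
      strscan (3.1.0)
LOCK

# Returns the resolved version of a gem from Gemfile.lock text, or nil.
# Resolved entries are "    name (x.y.z)" lines with exactly four spaces of
# indent under "specs:"; dependency requirement lines are indented further,
# so they are deliberately not matched.
def locked_version(lockfile_text, gem_name)
  lockfile_text.each_line do |line|
    m = line.match(/\A {4}#{Regexp.escape(gem_name)} \(([^)]+)\)\s*\z/)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# Returns :vulnerable, :fixed, or :absent for rexml in the given lock file.
def rexml_status(lockfile_text)
  version = locked_version(lockfile_text, "rexml")
  return :absent if version.nil?
  version < REXML_MIN_VERSION ? :vulnerable : :fixed
end

if __FILE__ == $PROGRAM_NAME
  # Pass a real Gemfile.lock path as the first argument to check a project.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  puts "rexml #{locked_version(text, 'rexml') || 'not locked'}: #{rexml_status(text)}"
end
```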