Skip to content

Commit

Permalink
Merge pull request #3317 from timfanda35/translate-dos-rexml-cve-2024…
Browse files Browse the repository at this point in the history 
…-39908

Translate CVE 2024 39908 (zh_tw)
  • Loading branch information
@JuanitoFatas
JuanitoFatas authored Jul 17, 2024
2 parents 40003f5 + b72f241 commit a4b9b15
Showing 1 changed file with 31 additions and 0 deletions.
31 changes: 31 additions & 0 deletions zh_tw/news/_posts/2024-07-16-dos-rexml-cve-2024-39908.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
---
layout: news_post
title: "CVE-2024-39908 : DoS in REXML"
author: "watson1978"
translator: "Bear Su"
date: 2024-07-16 03:00:00 +0000
tags: security
lang: zh_tw
---

在 REXML gem 發現了一個 DoS 漏洞。
該漏洞的 CVE 編號為 [CVE-2024-39908](https://www.cve.org/CVERecord?id=CVE-2024-39908)
我們強烈建議您升級 REXML gem。

## 風險細節

當解析包含許多特定字元如 `<``0``%>` 的 XML 文件時,REXML gem 可能會需要很長的處理時間。

請更新 REXML gem 至 3.3.2 或更新的版本。

## 受影響版本

* REXML gem 3.3.1 及更早版本

## 致謝

感謝 [mprogrammer](https://hackerone.com/mprogrammer) 發現此問題。

## 歷史

* 最初發布於 2024-07-16 03:00:00 (UTC)

0 comments on commit a4b9b15

Please sign in to comment.