Skip to content

Commit

Permalink
Translate CVE 2024 41946 (zh_tw)
Browse files Browse the repository at this point in the history
  • Loading branch information
@timfanda35 @bugtender
timfanda35 authored and bugtender committed Aug 2, 2024
1 parent ac9edde commit b799fd6
Showing 1 changed file with 31 additions and 0 deletions.
31 changes: 31 additions & 0 deletions zh_tw/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
---
layout: news_post
title: "CVE-2024-41946: DoS vulnerability in REXML"
author: "kou"
translator: "Bear Su"
date: 2024-08-01 03:00:00 +0000
tags: security
lang: zh_tw
---

在 REXML gem 發現了一個 DoS 漏洞。
該漏洞的 CVE 編號為 [CVE-2024-41946](https://www.cve.org/CVERecord?id=CVE-2024-41946)
我們強烈建議您升級 REXML gem。

## 風險細節

當使用 SAX2 或是 pull parser API 解析包含許多 entity expansion 的 XML 時,REXML gem 可能會需要很長的處理時間。

請更新 REXML gem 至 3.3.3 或更新的版本。

## 受影響版本

* REXML gem 3.3.2 及更早版本

## 致謝

感謝 [NAITOH Jun](https://github.com/naitoh) 發現並修復此問題。

## 歷史

* 最初發布於 2024-08-01 03:00:00 (UTC)

0 comments on commit b799fd6

Please sign in to comment.