-
Notifications
You must be signed in to change notification settings - Fork 605
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
ac9edde
commit b799fd6
Showing
1 changed file
with
31 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
--- | ||
layout: news_post | ||
title: "CVE-2024-41946: DoS vulnerability in REXML" | ||
author: "kou" | ||
translator: "Bear Su" | ||
date: 2024-08-01 03:00:00 +0000 | ||
tags: security | ||
lang: zh_tw | ||
--- | ||
|
||
在 REXML gem 發現了一個 DoS 漏洞。 | ||
該漏洞的 CVE 編號為 [CVE-2024-41946](https://www.cve.org/CVERecord?id=CVE-2024-41946)。 | ||
我們強烈建議您升級 REXML gem。 | ||
|
||
## 風險細節 | ||
|
||
當使用 SAX2 或是 pull parser API 解析包含許多 entity expansion 的 XML 時,REXML gem 可能會需要很長的處理時間。 | ||
|
||
請更新 REXML gem 至 3.3.3 或更新的版本。 | ||
|
||
## 受影響版本 | ||
|
||
* REXML gem 3.3.2 及更早版本 | ||
|
||
## 致謝 | ||
|
||
感謝 [NAITOH Jun](https://github.com/naitoh) 發現並修復此問題。 | ||
|
||
## 歷史 | ||
|
||
* 最初發布於 2024-08-01 03:00:00 (UTC) |