CVE-2021-28965

Improper Restriction of XML External Entity Reference in gem/rexml

Identifier

CVE-2021-28965

Package Slug

gem/rexml

Vulnerability

Improper Restriction of XML External Entity Reference

Description

The REXML gem does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

Affected Versions

All versions before 3.2.5

Solution

Upgrade to version 3.2.5 or above.

Last Modified

2021-04-30

source