CVE-2021-28965
Improper Restriction of XML External Entity Reference in gem/rexml
Identifiers
CVE-2021-28965
Package Slug
gem/rexml
Vulnerability
Improper Restriction of XML External Entity Reference
Description
The REXML gem does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
Affected Versions
All versions before 3.2.5
Solution
Upgrade to version 3.2.5 or above.
Last Modified
2021-04-30
| source |