Update rexml dependency #1040
Comments
|
Hey this is affecting the project I am working on since Starscream is a dependency for another package we need. If someone could take a look at this, that would be great! Thanks :) |
|
I'm Andrii from @crowdin, maintainer of the Crowdin iOS SDK - https://github.com/crowdin/mobile-sdk-ios. This SDK depends on Starscream and we received the report about this vulnerability. I was just wondering if it would be possible to fix it soon? We look forward to hearing from you and thank you in advance! |
|
It looks like there is already a pull request to fix this - #1026 UPD. It updates to the older version than we need. |
|
It has been over a month. If someone has seen this thread could you comment so I know someone is looking into fixing this? Thanks! |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
What do you want to happen?
There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.
What happens now?
When it parses an XML that has many specific characters such as <, 0 and %>. REXML gem may take long time.
Please update REXML gem to version 3.3.2 or later.
Demo Code
_
Describe alternatives you've considered
None.
Additional context
Affected versions
REXML gem 3.3.2 or prior
The text was updated successfully, but these errors were encountered: