RubySec

Providing security resources for the Ruby community

CVE-2021-28965 (rexml): XML round-trip vulnerability in REXML

GEM

rexml

SEVERITY

CVSS v3.x: 7.5 (High)

PATCHED VERSIONS

  • ~> 3.1.9.1
  • ~> 3.2.3.1
  • >= 3.2.5

DESCRIPTION

When parsing and then serializing a crafted XML document, the REXML gem (including the copy bundled with Ruby) can produce an incorrect XML document whose structure differs from that of the original.
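A defender-side check for this advisory, added here as an example rather than RubySec's or REXML's own code: it tests whether a REXML version falls inside the patched ranges listed above (evaluated with Gem::Requirement) and runs a parse, serialize, re-parse round trip that compares the structure of the two trees, a mismatch being the symptom the description refers to. The sample XML is constructed.

```ruby
# Added example; not RubySec's or REXML's own code. Sample XML is constructed.
require "rubygems"
require "rexml/document"

# Patched version constraints exactly as listed in the advisory.
PATCHED_REQUIREMENTS = ["~> 3.1.9.1", "~> 3.2.3.1", ">= 3.2.5"].freeze

# True when +version+ (a String) falls inside any of the patched ranges.
def rexml_patched?(version)
  v = Gem::Version.new(version)
  PATCHED_REQUIREMENTS.any? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
end

# Version of the REXML actually loaded, or nil if it cannot be determined.
def installed_rexml_version
  defined?(REXML::VERSION) ? REXML::VERSION.to_s : nil
end

# Reduce an element tree to nested arrays [name, sorted attributes, children,
# text] so that two parses can be compared independently of formatting.
def structure_of(element)
  attrs = []
  element.attributes.each_attribute { |a| attrs << [a.expanded_name, a.value] }
  [
    element.expanded_name,
    attrs.sort,
    element.elements.to_a.map { |child| structure_of(child) },
    element.texts.map(&:value).join.strip,
  ]
end

# Parse, serialize, re-parse; false (the symptom this advisory describes)
# when the two trees differ in structure.
def round_trip_consistent?(xml)
  original = REXML::Document.new(xml)
  reparsed = REXML::Document.new(original.to_s)
  structure_of(original.root) == structure_of(reparsed.root)
end

# Constructed, benign sample document.
SAMPLE_XML = <<~XML
  <order id="42">
    <item sku="A-1">Widget &amp; gadget</item>
    <note/>
  </order>
XML

if __FILE__ == $PROGRAM_NAME
  ver = installed_rexml_version
  puts "REXML #{ver.inspect} patched: #{ver ? rexml_patched?(ver) : 'unknown'}"
  puts "round trip consistent: #{round_trip_consistent?(SAMPLE_XML)}"
end
```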