RubySec

Providing security resources for the Ruby community

CVE-2021-28965 (rexml): XML round-trip vulnerability in REXML

GEM

rexml

PATCHED VERSIONS

  • >= 3.2.5

DESCRIPTION

When parsing and serializing a crafted XML document, the REXML gem (including the one bundled with Ruby) can produce an incorrect XML document whose structure differs from the original.
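
A lockfile check against the patched version listed above, as an added example that is not part of the advisory or the rexml project. It assumes a Bundler `Gemfile.lock`; the sample lockfile is constructed and the helper names are hypothetical.

```ruby
require "rubygems" # provides Gem::Version

# First patched rexml release, taken from the advisory above.
REXML_PATCHED = Gem::Version.new("3.2.5")

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      crack (0.4.5)
        rexml
      rexml (3.2.4)
      rubocop (1.12.0)
        rexml (>= 3.2.0)

  DEPENDENCIES
    crack
    rubocop
LOCK

# Returns the rexml versions a lockfile actually resolves to.
# Resolved gems sit at exactly four spaces of indentation with a pinned
# version; six-space lines are dependency constraints and are skipped.
def locked_rexml_versions(lock_text)
  lock_text.each_line.map do |line|
    m = line.match(/\A {4}rexml \(([^)\s]+)\)\s*\z/)
    m && Gem::Version.new(m[1])
  end.compact
end

# True when the version is below the first patched release (3.2.5).
def rexml_vulnerable?(version)
  Gem::Version.new(version.to_s) < REXML_PATCHED
end

# Returns [version_string, :vulnerable | :patched] for each locked rexml.
def audit_rexml(lock_text)
  locked_rexml_versions(lock_text).map do |v|
    [v.to_s, rexml_vulnerable?(v) ? :vulnerable : :patched]
  end
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  audit_rexml(text).each { |ver, status| puts "rexml #{ver}: #{status}" }
end
```

Pass the path to a `Gemfile.lock` as the first argument to audit a real project. The lockfile only covers Bundler-managed applications; the copy bundled with Ruby that the description mentions needs a separate check.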