FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
dec7e4b6-961a-11eb-9c34-080027f515ea	ruby -- XML round-trip vulnerability in REXML Juho Nurminen reports: When parsing and serializing a crafted XML document, REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is different from the original one. The impact of this issue highly depends on context, but it may lead to a vulnerability in some programs that are using REXML. Discovery 2021-04-05 Entry 2021-04-05 ruby >= 2.5.0,1 lt 2.5.9,1 >= 2.6.0,1 lt 2.6.7,1 >= 2.7.0,1 lt 2.7.3,1 >= 3.0.0.p1,1 lt 3.0.1,1 rubygem-rexml < 3.2.5 CVE-2021-28965 https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/

VuXML ID

Description

dec7e4b6-961a-11eb-9c34-080027f515ea

ruby -- XML round-trip vulnerability in REXML

Juho Nurminen reports:

When parsing and serializing a crafted XML document, REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is different from the original one. The impact of this issue highly depends on context, but it may lead to a vulnerability in some programs that are using REXML.

Discovery 2021-04-05
Entry 2021-04-05
ruby

>= 2.5.0,1 lt 2.5.9,1

>= 2.6.0,1 lt 2.6.7,1

>= 2.7.0,1 lt 2.7.3,1

>= 3.0.0.p1,1 lt 3.0.1,1

rubygem-rexml

< 3.2.5

CVE-2021-28965
https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/