REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML document that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later; Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later includes the patch that fixes the vulnerability.
Remediation Steps
Update the affected package rexml from version 3.3.4 to >= 3.3.9.
About this issue
This issue may not contain all the information about the CVE nor the images it affects.
This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
CVE Details
Severity: MEDIUM
Package: rexml
Installed version: 3.3.4
Fixed version: >= 3.3.9
Timestamps recorded in the report: 2024-10-28T15:15:05.157Z, 2024-10-29T10:20:48.021406666Z
Affected Docker Images
public.ecr.aws/lambda/ruby:latest
public.ecr.aws/lambda/ruby@sha256:a84fe02daf2dd291c6361f2961820f2db08068504d8e4d95b5d8a6637b93c022
public.ecr.aws/lambda/ruby:3.3
public.ecr.aws/lambda/ruby@sha256:a84fe02daf2dd291c6361f2961820f2db08068504d8e4d95b5d8a6637b93c022
public.ecr.aws/lambda/ruby:3.2
public.ecr.aws/lambda/ruby@sha256:87eac9df58b93b40883bae1664c7493e632e6d6b0853db5735a1e81f5754426d