ruby: fix CVE-2024-35176 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-11-20 15:07:20 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-12-01 06:50:49 -0800
commit	f58483837ce2ebfaf71ba4f8b75db5f6acc405a3 (patch)
tree	31b2b19735c3fd804c1c404fbffea5d2c649b767 /meta/recipes-devtools/python/python3
parent	cdc78fd36f440024c36f92c0170961c96f6d096b (diff)
download	poky-f58483837ce2ebfaf71ba4f8b75db5f6acc405a3.tar.gz

ruby: fix CVE-2024-35176

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-35176 Upstream-patch: https://github.com/ruby/rexml/commit/4325835f92f3f142ebd91a3fdba4e1f1ab7f1cfb (From OE-Core rev: a89fcaf0c3ac2afd95e836bc1356832296135696) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-devtools/python/python3')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: