poky/ruby at f58483837ce2ebfaf71ba4f8b75db5f6acc405a3 - poky

mirror of https://git.yoctoproject.org/poky synced 2026-02-11 11:13:04 +01:00

Files

Divya Chellam f58483837c ruby: fix CVE-2024-35176

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a
denial of service vulnerability when it parses an XML that has many
`<`s in an attribute value. Those who need to parse untrusted XMLs
may be impacted to this vulnerability. The REXML gem 3.2.7 or later
include the patch to fix this vulnerability. As a workaround, don't
parse untrusted XMLs.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-35176

Upstream-patch:
4325835f92

(From OE-Core rev: a89fcaf0c3ac2afd95e836bc1356832296135696)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-12-01 06:50:49 -08:00

ruby

ruby: fix CVE-2024-35176

2025-12-01 06:50:49 -08:00

ruby_3.1.3.bb

ruby: fix CVE-2024-35176

2025-12-01 06:50:49 -08:00