New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump rexml to >= 3.3.9 to resolve GHSA-2rxp-v6pw-ch6m #857

Merged

sds merged 1 commit into sds:main from RemoteCTO:main

Oct 31, 2024

Contributor

RemoteCTO commented Oct 30, 2024

A ReDoS vulnerability in REXML has been identified in versions <3.3.9

Details in GitHub:

GHSA-2rxp-v6pw-ch6m

This is a small bump to the latest patched version. This should resolve anybody getting the following bundle audit error when using overcommit:

Name: rexml
Version: 3.3.8
CVE: CVE-2024-49761
GHSA: GHSA-2rxp-v6pw-ch6m
Criticality: High
URL: https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
Title: REXML ReDoS vulnerability
Solution: update to '>= 3.3.9'


          Bump rexml to resolve GHSA-2rxp-v6pw-ch6m advisory

Reference 3.3.9 explicitly

sds added the bug label

sds merged commit 9825868 into sds:main

15 checks passed

Owner

sds commented Oct 31, 2024

Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug