CNNVD-202509-2685 Information

CNNVD ID

CNNVD-202509-2685

CVE-2025-58767

  • CNNVD Published: 2025-09-17

Description (Chinese)

REXML is an open-source XML toolkit for Ruby. REXML versions 3.3.3 through 3.4.1 contain a resource management error vulnerability, caused by improper handling when parsing XML that contains multiple XML declarations; it may lead to a denial-of-service attack.

Description (English)

REXML is an open-source XML toolkit for Ruby. Versions 3.3.3 through 3.4.1 contain a resource management error: the parser mishandles XML input that contains more than one XML declaration, which can be exploited for denial of service. Applications that parse untrusted XML with an affected version are the ones at risk.
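As an added example (not code from this CNNVD entry or from the REXML project), the Ruby snippet below shows the two checks a practitioner would want given the description above: whether the loaded REXML falls inside the affected 3.3.3 to 3.4.1 range, and a pre-parse guard that rejects untrusted input carrying more than one XML declaration before REXML ever sees it. The affected version range is taken from this entry; the regular expression, the size cap, the helper names and the sample documents are assumptions made here.

```ruby
require "rubygems"
require "rexml/document"

# Affected range as stated in this CNNVD entry: REXML 3.3.3 through 3.4.1.
AFFECTED_REXML = Gem::Requirement.new(">= 3.3.3", "<= 3.4.1")

# True when the given gem version string falls inside the affected range.
def rexml_affected?(version = REXML::VERSION)
  AFFECTED_REXML.satisfied_by?(Gem::Version.new(version))
end

# Matches an XML declaration such as `<?xml version="1.0" ...?>`. A well-formed
# document carries at most one, and only at the very start; the `\s` after
# `xml` keeps `<?xml-stylesheet ...?>` from being counted. (Assumed regex.)
XML_DECL = /<\?xml\s.*?\?>/mi

def count_xml_declarations(xml)
  xml.scan(XML_DECL).size
end

# Pre-parse guard for untrusted input (assumed policy, not a REXML API):
# refuse oversized documents and anything with more than one declaration,
# then hand the remainder to REXML. Raises ArgumentError on rejection.
def parse_untrusted(xml, max_bytes: 1_000_000)
  raise ArgumentError, "document exceeds #{max_bytes} bytes" if xml.bytesize > max_bytes
  decls = count_xml_declarations(xml)
  raise ArgumentError, "#{decls} XML declarations found, at most 1 allowed" if decls > 1
  REXML::Document.new(xml)
end

# Constructed sample inputs (not taken from the advisory).
GOOD_XML = %(<?xml version="1.0" encoding="UTF-8"?>\n<root><item id="1"/></root>)
MULTI_DECL_XML = (%(<?xml version="1.0"?>) * 3) + "<root/>"

if $PROGRAM_NAME == __FILE__
  puts "loaded REXML #{REXML::VERSION}: affected=#{rexml_affected?}"
  puts "good document root: #{parse_untrusted(GOOD_XML).root.name}"
  begin
    parse_untrusted(MULTI_DECL_XML)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The guard is a mitigation for deployments that cannot upgrade immediately; the real fix is moving to a REXML release outside the affected range (see the Patch link below). The declaration count is checked on the raw bytes, so it costs one linear scan and never invokes the parser on rejected input.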

Hazard Level

High

Vulnerability Type

Resource management error

Affected Vendor

Ruby

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5
https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23
https://vigilance.fr/vulnerability/Ruby-REXML-Gem-overload-via-Multiple-XML-Declarations-48256

Patch

https://github.com/ruby/rexml/releases
