Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2021-28965

Published: August 31, 2023Last modified: August 31, 2023

Description

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

Severity score breakdown

ParameterValue
Base score7.5
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactHIGH
Availability impactNONE
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSrubyNot affected (3.1.4-r0)
StreamrubyNot affected (3.2.2-r0)

References

ON THIS PAGE