NASA-IMPACT / csdap-cumulus

SmallSat Cumulus Deployment
Other

Snyk High Vulnerability: rexml - Denial of Service (DoS) #403

Closed hbparache closed 2 days ago

hbparache commented 1 month ago

Introduced through terraspace@2.2.16 and terraspace_plugin_aws@0.6.1
Fixed in rexml@3.3.2
Exploit maturity: No known exploit

Detailed paths:
Introduced through: project@ › terraspace@2.2.16 › rexml@3.2.6. Fix: No remediation path available.
Introduced through: project@ › terraspace_plugin_aws@0.6.1 › s3-secure@0.7.0 › rexml@3.2.6. Fix: No remediation path available.

Security information (factors contributing to the scoring):
Snyk: CVSS v4.0 5.3 - Medium Severity | CVSS v3.1 4.3 - Medium Severity
NVD: Not available. NVD has not yet published its analysis.

Overview: rexml is an XML toolkit for Ruby.

Affected versions of this package are vulnerable to Denial of Service (DoS) through the XML parsing process. An attacker can cause a denial of service by sending specially crafted XML documents that contain many specific characters such as <, 0, and %>.

This vulnerability is exploitable if the application is configured to parse untrusted XML documents.


hbparache commented 1 month ago

Second one:

Introduced through terraspace@2.2.16 and terraspace_plugin_aws@0.6.1
Fixed in rexml@3.3.3
Exploit maturity: No known exploit

Detailed paths:
Introduced through: project@ › terraspace@2.2.16 › rexml@3.2.6. Fix: No remediation path available.
Introduced through: project@ › terraspace_plugin_aws@0.6.1 › s3-secure@0.7.0 › rexml@3.2.6. Fix: No remediation path available.

Security information (factors contributing to the scoring):
Snyk: CVSS v4.0 6.9 - Medium Severity | CVSS v3.1 5.3 - Medium Severity
NVD: CVSS v3.1 7.5 - High Severity

Overview: rexml is an XML toolkit for Ruby.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the REXML gem when parsing an XML document that has many specific characters such as whitespace characters, >] and ]>.

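As an added example (not code from the csdap-cumulus repository or from Snyk), the Ruby script below reads a Gemfile.lock, reports the locked rexml version, which of the two fix versions quoted in these advisories (3.3.2 and 3.3.3) it still falls short of, and which gems pull it in. The lockfile excerpt is constructed to mirror the dependency paths listed above.

```ruby
# Added example: check a Gemfile.lock for a rexml version below the advisory fixes.
require "rubygems"

# Fix versions quoted in the two Snyk advisories; 3.3.3 covers both.
REXML_FIX_VERSIONS = ["3.3.2", "3.3.3"].freeze

# Constructed lockfile excerpt mirroring the issue's dependency paths
# (terraspace -> rexml, terraspace_plugin_aws -> s3-secure -> rexml).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rexml (3.2.6)
      s3-secure (0.7.0)
        rexml
      terraspace (2.2.16)
        rexml
      terraspace_plugin_aws (0.6.1)
        s3-secure
LOCK

# Locked version string of gem_name from the specs section, or nil if absent.
# Spec lines sit at four spaces of indentation: "    name (x.y.z)".
def locked_version(lock_text, gem_name)
  lock_text.each_line do |line|
    m = line.match(/\A\s{4}#{Regexp.escape(gem_name)} \((\d+(?:\.\d+)*)\)\s*\z/)
    return m[1] if m
  end
  nil
end

# Fix versions the locked version is still below (empty when fully patched).
def unfixed_advisories(version)
  return [] if version.nil?
  locked = Gem::Version.new(version)
  REXML_FIX_VERSIONS.select { |fix| locked < Gem::Version.new(fix) }
end

# Specs that declare gem_name as a dependency (six-space indented lines).
def dependents_of(lock_text, gem_name)
  parents = []
  current = nil
  lock_text.each_line do |line|
    if (m = line.match(/\A\s{4}(\S+) \(/))
      current = m[1]
    elsif current && line.match?(/\A\s{6}#{Regexp.escape(gem_name)}(\s|\z)/)
      parents << current
    end
  end
  parents
end
```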

ShreyNiraula commented 2 days ago

We can close this, similar to https://github.com/NASA-IMPACT/csdap-cumulus/issues/398#issuecomment-2474003244, as the Gemfile.lock (Ruby) is used only in local development.