Open npetrackunit opened 3 weeks ago
Hi @npetrackunit, thank you for reporting this!
Could you please share the issue you've posted to the Starscream repository?
@andrii-bodnar Of course! https://github.com/daltoniam/Starscream/issues/1040
Thanks for the quick reply!
@npetrackunit thank you for the link!
I just posted a new comment on this issue, hopefully it will get some attention from the maintainers. I see there has been no activity on this repo for a while...
@andrii-bodnar I really appreciate it! I noticed that as well, so I hope you have better luck than I did :)
Is your feature request related to a problem? Please describe.
There is a DoS vulnerability in the REXML gem which is included in the Starscream dependency. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.
Describe the solution you'd like
Contact Starscream since they are a dependency for your repo, adjust things on your end to remove the issue if possible.
Describe alternatives you've considered
I have contacted that repo directly with a GitHub issue but haven't heard back for 2 weeks about this.
Additional context
Affected versions: REXML gem 3.3.2 or prior
Hi, I am posting this on your repo since I am not getting a response from the Starscream folks. If you could help out with this that would be great. This issue is being flagged in our project through a company check, and there is nothing I can do to resolve this other than remove your package.
Let me know if there is something else I can do to resolve this. Thanks :)