Open mhashizume opened 2 hours ago
Ruby announced a vulnerability in REXML with a CVSS score of 6.6: https://github.com/advisories/GHSA-2rxp-v6pw-ch6m
This vulnerability does not affect Ruby 3.2 or later. We should probably assume that this affects Ruby 2.7, which we still use in agent-runtime-7.x.
We need to patch REXML in Ruby 2.7 to address this vulnerability.
It seems this is the commit in the REXML gem that addresses the vulnerability: https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f
Migrated issue to PA-7106