FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
dec7e4b6-961a-11eb-9c34-080027f515earuby -- XML round-trip vulnerability in REXML

Juho Nurminen reports:

When parsing and serializing a crafted XML document, REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is different from the original one. The impact of this issue highly depends on context, but it may lead to a vulnerability in some programs that are using REXML.


Discovery 2021-04-05
Entry 2021-04-05
ruby
ge 2.5.0,1 lt 2.5.9,1

ge 2.6.0,1 lt 2.6.7,1

ge 2.7.0,1 lt 2.7.3,1

ge 3.0.0.p1,1 lt 3.0.1,1

rubygem-rexml
lt 3.2.5

CVE-2021-28965
https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/