Lucene search
Veracode Vulnerability DatabaseVERACODE:30012HistoryApr 17, 2021 - 2:47 a.m.
XML Injection
2021-04-1702:47:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
ruby
xml
injection
rexml
vulnerability
EPSS
0.001
Percentile
43.0%
ruby is vulnerable to XML injection. The vulnerability exists due to REXML gem creating a wrong XML document whose structure is different from the original one.
References
lists.fedoraproject.org/archives/list/[email protected]/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/
secdb.alpinelinux.org/v3.10/main.yaml
secdb.alpinelinux.org/v3.11/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
security.netapp.com/advisory/ntap-20210528-0003/
www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
Related
nessus
nessus
FreeBSD : ruby -- XML round-trip vulnerability in REXML (dec7e4b6-961a-11eb-9c34-080027f515ea)
2021-04-14 00:00:00
SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2021:1280-1)
2021-04-21 00:00:00
openSUSE Security Update : ruby2.5 (openSUSE-2021-607)
2021-05-18 00:00:00
osv
osv
CVE-2021-28965
2021-04-21 07:15:07
BIT-ruby-2021-28965
2024-03-06 11:05:40
ruby2.3, ruby2.5, ruby2.7 vulnerability
2021-04-20 17:01:53
openvas
openvas
Ubuntu: Security Advisory (USN-4922-1)
2021-04-21 00:00:00
Fedora: Security Advisory for rubygem-railties (FEDORA-2021-7b8b65bc7a)
2021-04-25 00:00:00
Fedora: Security Advisory for ruby (FEDORA-2021-6385a09efc)
2021-04-23 00:00:00
nvd
nvd
CVE-2021-28965
2021-04-21 07:15:07
redhatcve
redhatcve
CVE-2021-28965
2021-04-08 17:16:00
ubuntu
ubuntu
Ruby vulnerability
2021-04-26 00:00:00
Ruby vulnerability
2021-04-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-28965 affecting package ruby 2.6.6-4
2021-06-09 03:50:37
CVE-2021-28965 affecting package ruby for versions less than 2.7.4-1
2022-04-09 06:51:53
fedora
fedora
[SECURITY] Fedora 33 Update: ruby-2.7.3-136.fc33
2021-04-17 14:06:37
[SECURITY] Fedora 34 Update: rubygem-railties-6.1.2.1-2.fc34
2021-04-24 20:20:14
[SECURITY] Fedora 34 Update: rubygem-pry-0.13.1-5.fc34
2021-04-24 20:20:14
cloudfoundry
cloudfoundry
USN-4922-1: Ruby vulnerability | Cloud Foundry
2021-04-29 00:00:00
freebsd
freebsd
Gitlab -- Vulnerabilities
2021-04-14 00:00:00
ruby -- XML round-trip vulnerability in REXML
2021-04-05 00:00:00
debiancve
debiancve
CVE-2021-28965
2021-04-21 07:15:07
hackerone
hackerone
Ruby: Round-trip instability in REXML
2021-02-16 08:10:08
ubuntucve
ubuntucve
CVE-2021-28965
2021-04-12 00:00:00
prion
prion
Code injection
2021-04-21 07:15:00
rubygems
rubygems
XML round-trip vulnerability in REXML
2021-04-04 21:00:00
alpinelinux
alpinelinux
CVE-2021-28965
2021-04-21 07:15:07
amazon
amazon
Medium: ruby24
2021-05-14 16:58:00
Medium: ruby
2024-09-12 18:30:00
cvelist
cvelist
CVE-2021-28965
2021-04-21 06:55:24
github
github
REXML round-trip instability
2021-04-30 17:30:37
suse
suse
Security update for ruby2.5 (moderate)
2021-04-24 00:00:00
cve
cve
CVE-2021-28965
2021-04-21 07:15:07
rocky
rocky
ruby:2.7 security, bug fix, and enhancement update
2021-06-29 13:57:50
ruby:2.5 security, bug fix, and enhancement update
2021-06-29 13:58:20
ruby:2.6 security, bug fix, and enhancement update
2021-06-29 13:58:40
redhat
redhat
archlinux
archlinux
[ASA-202104-1] gitlab: multiple issues
2021-04-29 00:00:00
almalinux
almalinux
Moderate: ruby:2.7 security, bug fix, and enhancement update
2021-06-29 13:57:50
Moderate: ruby:2.6 security, bug fix, and enhancement update
2021-06-29 13:58:40
Moderate: ruby:2.5 security, bug fix, and enhancement update
2021-06-29 13:58:20
oraclelinux
oraclelinux
ruby:2.7 security, bug fix, and enhancement update
2021-07-07 00:00:00
ruby:2.5 security, bug fix, and enhancement update
2021-07-02 00:00:00
ruby:2.6 security, bug fix, and enhancement update
2021-07-07 00:00:00
debian
debian
[SECURITY] [DSA 5066-1] ruby2.5 security update
2022-02-03 19:26:40
mageia
mageia
Updated ruby packages fix security vulnerability
2021-12-24 00:01:45
ibm
ibm
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34