
Update rexml dependency #291

Open
npetrackunit opened this issue Oct 10, 2024 · 4 comments
Labels: dependencies (Pull requests that update a dependency file), enhancement (New feature or request)

Comments

@npetrackunit

Is your feature request related to a problem? Please describe.
There is a DoS vulnerability in REXML gem which is included in the Starscream dependency. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.

Describe the solution you'd like
Contact Starscream since they are a dependency for your repo, adjust things on your end to remove the issue if possible.

Describe alternatives you've considered
I have contacted that repo directly with a GitHub issue but haven't heard back for 2 weeks about this.

Additional context
Affected versions
REXML gem 3.3.2 or prior

Hi, I am posting this on your repo since I am not getting a response from the Starscream folks. If you could help out with this that would be great. This issue is being flagged in our project through a company check, and there is nothing I can do to resolve this other than remove your package.

Let me know if there is something else I can do to resolve this. Thanks :)

@npetrackunit npetrackunit added the enhancement New feature or request label Oct 10, 2024
@andrii-bodnar andrii-bodnar added good first issue Good for newcomers hacktoberfest This issue welcomes contributions for Hacktoberfest labels Oct 10, 2024
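An added check, not code from this issue or from either project: a Ruby script that reads a Gemfile.lock and flags a resolved rexml version at or below 3.3.2, the affected range the report above gives. The lockfile excerpt and the gem name example-tool are constructed for the example; run it against a real Gemfile.lock by passing the path as the first argument.

```ruby
# Added example (not from the issue thread): scan a Gemfile.lock for a
# resolved rexml version inside the affected range the report gives
# (3.3.2 or prior). Runs offline against a constructed lockfile excerpt.
require "rubygems"

# Constructed sample lockfile excerpt; "example-tool" is a placeholder gem.
# <<~ strips the common indent, leaving specs at 4 spaces and their
# dependencies at 6, which matches Bundler's lockfile layout.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-tool (1.0.0)
        rexml (>= 3.2.5)
      rexml (3.3.2)
        strscan
      strscan (3.1.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    example-tool
LOCK

# Highest affected version per the report; anything newer is treated as
# outside the affected range.
LAST_AFFECTED_REXML = Gem::Version.new("3.3.2")

# Return the resolved version of +gem_name+ from lockfile text, or nil.
# Only top-level spec lines ("    name (x.y.z)") are matched; the
# indented dependency lines beneath them (e.g. "rexml (>= 3.2.5)") are not.
def resolved_version(lock_text, gem_name)
  lock_text.each_line do |line|
    m = line.match(/\A {4}#{Regexp.escape(gem_name)} \(([^)]+)\)\s*\z/)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# True when rexml is resolved in the lockfile and is 3.3.2 or older.
def vulnerable_rexml?(lock_text)
  v = resolved_version(lock_text, "rexml")
  !v.nil? && v <= LAST_AFFECTED_REXML
end

# Human-readable verdict for a lockfile's rexml pin.
def report(lock_text)
  v = resolved_version(lock_text, "rexml")
  if v.nil?
    "rexml is not resolved in this lockfile"
  elsif v <= LAST_AFFECTED_REXML
    "rexml #{v} is in the affected range (<= #{LAST_AFFECTED_REXML}); upgrade"
  else
    "rexml #{v} is past the affected range"
  end
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts report(text)
end
```

The check uses Gem::Version so that comparisons such as 3.3.10 vs 3.3.2 are numeric rather than lexical, and it deliberately ignores constraint lines like `rexml (>= 3.2.5)` because only the resolved spec line tells you what actually ships.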
@andrii-bodnar
Member

Hi @npetrackunit, thank you for reporting this!

Could you please share the issue you've posted to the Starscream repository?

@andrii-bodnar andrii-bodnar added dependencies Pull requests that update a dependency file and removed good first issue Good for newcomers hacktoberfest This issue welcomes contributions for Hacktoberfest labels Oct 10, 2024
@npetrackunit
Author

@andrii-bodnar Of course! daltoniam/Starscream#1040

Thanks for the quick reply!

@andrii-bodnar
Member

@npetrackunit thank you for the link!

I just posted a new comment on this issue, hopefully it will get some attention from the maintainers. I see there has been no activity on this repo for a while...

@npetrackunit
Author

@andrii-bodnar I really appreciate it! I noticed that as well, so I hope you have better luck than I did :)
