ALPINE-CVE-2025-58767

See a problem?
Please try reporting it to the source first.
Source
https://security.alpinelinux.org/vuln/CVE-2025-58767
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2025-58767.json
JSON Data
https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2025-58767
Upstream
Published
2025-09-17T18:15:52.857Z
Modified
2026-01-06T12:15:25.982910Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.

References

Affected packages

Alpine:v3.23 / ruby-rexml

Package

Name
ruby-rexml
Purl
pkg:apk/alpine/ruby-rexml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.4-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.2.5-r2
3.2.5-r3
3.2.6-r0
3.2.6-r1
3.2.9-r0
3.3.9-r0
3.4.0-r0
3.4.1-r0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2025-58767.json"