CVE-2021-28965

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

Database specific

{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "34"
                }
            ]
        }
    ]
}

References

Affected packages

Git / github.com/ruby/ruby

Affected ranges

Type

GIT

Repo

https://github.com/ruby/ruby

Events

Introduced

Fixed

31d0f1a2e7dbfb60731d1f05b868e1d578cda493

Fixed

930143880a8b593e7444b94e2e0522b83a25c671

Introduced

647ee6f091eafcce70ffb75ddf7e121e192ab217

Fixed

6847ee089d7655b2a0eea4fee3133aeacd4cc7cc

Introduced

95aff214687a5e12c3eb57d056665741e734c188

Fixed

0fb782ee38ea37fd5fe8b1f775f8ad866a82a3f0

Database specific

{
    "cpe": [
        "cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*",
        "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.5"
        },
        {
            "fixed": "2.6.7"
        },
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.3"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.1"
        }
    ]
}

Affected versions

Other

v1_0_r2

v2_7_0

v2_7_0_preview1

v2_7_0_preview2

v2_7_0_preview3

v2_7_0_rc1

v2_7_0_rc2

v2_7_1

v2_7_2

v3_0_0

v3_0_0_preview1

v3_0_0_preview2

v3_0_0_rc1

v3_0_0_rc2

v3_1_0_preview1

v3_2_0

v3_2_0_preview1

v3_2_0_preview2

v3_2_0_preview3

v3_2_0_rc1

v3_2_1

v3_2_2

v3_2_3

v3_2_4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28965.json"