REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
{ "binaries": [ { "binary_version": "2.3.1-2~ubuntu16.04.16+esm10", "binary_name": "libruby2.3" }, { "binary_version": "2.3.1-2~ubuntu16.04.16+esm10", "binary_name": "ruby2.3" }, { "binary_version": "2.3.1-2~ubuntu16.04.16+esm10", "binary_name": "ruby2.3-dev" }, { "binary_version": "2.3.1-2~ubuntu16.04.16+esm10", "binary_name": "ruby2.3-tcltk" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }
{ "binaries": [ { "binary_version": "2.5.1-1ubuntu1.16+esm4", "binary_name": "libruby2.5" }, { "binary_version": "2.5.1-1ubuntu1.16+esm4", "binary_name": "ruby2.5" }, { "binary_version": "2.5.1-1ubuntu1.16+esm4", "binary_name": "ruby2.5-dev" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }
{ "binaries": [ { "binary_version": "3.2.3-1ubuntu0.24.04.3", "binary_name": "libruby3.2" }, { "binary_version": "3.2.3-1ubuntu0.24.04.3", "binary_name": "ruby3.2" }, { "binary_version": "3.2.3-1ubuntu0.24.04.3", "binary_name": "ruby3.2-dev" } ], "availability": "No subscription required" }