CVE-2021-28965

Severity: Critical
Remote: Yes
Type: Incorrect calculation

When parsing and serializing a crafted XML document, the REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is different from the original one. The impact of this issue highly depends on context, but it may lead to a vulnerability in some programs that are using REXML. The issue is fixed in version 3.2.5 of the REXML gem.

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1822 | gitlab | 13.10.2-1 | 13.10.3-1 | Critical | Fixed | |
| AVG-1789 | ruby | 2.7.2-1 | 3.0.1-1 | Critical | Fixed | |
| AVG-1788 | ruby-rexml | 3.2.4-1 | 3.2.5-1 | Critical | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 29 Apr 2021 | ASA-202104-1 | AVG-1822 | gitlab | Critical | multiple issues |