QID 198337

Date Published: 2021-04-26

QID 198337: Ubuntu Security Notification for Ruby vulnerability (USN-4922-1)

The rexml gem bundled with ruby incorrectly parsed and serialized xml documents

A remote attacker could possibly use this issue to perform an XML round-trip attack

  • CVSS V3 rated as Medium - 5.6 severity.
  • CVSS V2 rated as Medium - 4.3 severity.
  • Solution
    Refer to Ubuntu advisory: USN-4922-1 for affected packages and patching details, or update with your package manager.
    Vendor References

    CVEs related to QID 198337

    Software Advisories
    Advisory ID Software Component Link
    USN-4922-1 Ubuntu Linux URL Logo usn.ubuntu.com/4922-1