cp from origin posts

riseshia · riseshia · commit 2dcdee747be5 · 2024-08-01T19:55:47.000+09:00
diff --git a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md
@@ -0,0 +1,29 @@
+---
+layout: news_post
+title: "CVE-2024-41123: DoS vulnerabilities in REXML"
+author: "kou"
+translator:
+date: 2024-08-01 03:00:00 +0000
+tags: security
+lang: en
+---
+
+There are some DoS vulnerabilities in REXML gem. These vulnerabilities have been assigned the CVE identifier [CVE-2024-41123](https://www.cve.org/CVERecord?id=CVE-2024-41123). We strongly recommend upgrading the REXML gem.
+
+## Details
+
+When parsing an XML document that has many specific characters such as whitespace character, `>]` and `]>`, REXML gem may take long time.
+
+Please update REXML gem to version 3.3.3 or later.
+
+## Affected versions
+
+* REXML gem 3.3.2 or prior
+
+## Credits
+
+Thanks to [mprogrammer](https://hackerone.com/mprogrammer) and [scyoon](https://hackerone.com/scyoon) for discovering these issues.
+
+## History
+
+* Originally published at 2024-08-01 03:00:00 (UTC)
diff --git a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md
@@ -0,0 +1,29 @@
+---
+layout: news_post
+title: "CVE-2024-41946: DoS vulnerability in REXML"
+author: "kou"
+translator:
+date: 2024-08-01 03:00:00 +0000
+tags: security
+lang: en
+---
+
+There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier [CVE-2024-41946](https://www.cve.org/CVERecord?id=CVE-2024-41946). We strongly recommend upgrading the REXML gem.
+
+## Details
+
+When parsing an XML that has many entity expansions with SAX2 or pull parser API, REXML gem may take long time.
+
+Please update REXML gem to version 3.3.3 or later.
+
+## Affected versions
+
+* REXML gem 3.3.2 or prior
+
+## Credits
+
+Thanks to [NAITOH Jun](https://github.com/naitoh) for discovering and fixing this issue.
+
+## History
+
+* Originally published at 2024-08-01 03:00:00 (UTC)
