From b506a1c65450888a95accb86be8a7469e5c895ba Mon Sep 17 00:00:00 2001 From: Shia Date: Thu, 16 May 2024 22:49:25 +0900 Subject: [PATCH 1/3] Copy from en --- .../2024-05-16-dos-rexml-cve-2024-35176.md | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md diff --git a/ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md b/ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md new file mode 100644 index 0000000000..5867f1a877 --- /dev/null +++ b/ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md @@ -0,0 +1,29 @@ +--- +layout: news_post +title: "CVE-2024-35176: DoS in REXML" +author: "kou" +translator: +date: 2024-05-16 05:00:00 +0000 +tags: security +lang: en +--- + +There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier [CVE-2024-35176](https://www.cve.org/CVERecord?id=CVE-2024-35176). We strongly recommend upgrading the REXML gem. + +## Details + +When parsing an XML document that has many `<` in an attribute value, REXML gem may take long time. + +Please update REXML gem to version 3.2.7 or later. + +## Affected versions + +* REXML gem 3.2.6 or prior + +## Credits + +Thanks to [mprogrammer](https://hackerone.com/mprogrammer) for discovering this issue. + +## History + +* Originally published at 2024-05-16 05:00:00 (UTC) From 430f182f5408a978e8cdd529ddbff22d65064ef2 Mon Sep 17 00:00:00 2001 From: Shia Date: Thu, 16 May 2024 22:54:15 +0900 Subject: [PATCH 2/3] Translate "CVE-2024-35176: DoS in REXML" --- .../2024-05-16-dos-rexml-cve-2024-35176.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md b/ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md index 5867f1a877..1f31de2035 100644 --- a/ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md +++ b/ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md 
@@ -2,28 +2,28 @@ layout: news_post title: "CVE-2024-35176: DoS in REXML" author: "kou" -translator: +translator: "shia" date: 2024-05-16 05:00:00 +0000 tags: security -lang: en +lang: ko --- -There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier [CVE-2024-35176](https://www.cve.org/CVERecord?id=CVE-2024-35176). We strongly recommend upgrading the REXML gem. +REXML gem에서 DoS 취약점이 발견되었습니다. 이 취약점은 CVE 번호 [CVE-2024-35176](https://www.cve.org/CVERecord?id=CVE-2024-35176)으로 등록되었습니다. REXML gem 갱신을 강하게 추천합니다. -## Details +## 세부 내용 -When parsing an XML document that has many `<` in an attribute value, REXML gem may take long time. +대량의 `<`를 속성값으로 가지고 있는 XML을 파싱할 때, REXML gem은 처리에 시간이 걸립니다. -Please update REXML gem to version 3.2.7 or later. +REXML gem을 3.2.7이나 그 이상으로 업데이트하세요. -## Affected versions +## 해당 버전 -* REXML gem 3.2.6 or prior +* REXML gem 3.2.6과 그 이하 -## Credits +## 도움을 준 사람 -Thanks to [mprogrammer](https://hackerone.com/mprogrammer) for discovering this issue. +이 문제를 발견해 준 [mprogrammer](https://hackerone.com/mprogrammer)에게 감사를 표합니다. -## History +## 수정 이력 -* Originally published at 2024-05-16 05:00:00 (UTC) +* 2024-05-16 05:00:00 (UTC) 최초 공개 From ec973ae36566931ce55ea8ac9c52b715151580be Mon Sep 17 00:00:00 2001 From: Shia Date: Mon, 20 May 2024 09:42:17 +0900 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: Chayoung You --- ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md b/ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md index 1f31de2035..0a3558f93b 100644 --- a/ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md +++ b/ko/news/_posts/2024-05-16-dos-rexml-cve-2024-35176.md @@ -1,6 +1,6 @@ --- layout: news_post -title: "CVE-2024-35176: DoS in REXML" +title: "CVE-2024-35176: REXML의 DoS 취약점" author: "kou" translator: "shia" date: 2024-05-16 05:00:00 +0000 
@@ -8,11 +8,11 @@ tags: security lang: ko --- -REXML gem에서 DoS 취약점이 발견되었습니다. 이 취약점은 CVE 번호 [CVE-2024-35176](https://www.cve.org/CVERecord?id=CVE-2024-35176)으로 등록되었습니다. REXML gem 갱신을 강하게 추천합니다. +REXML gem에서 DoS 취약점이 발견되었습니다. 이 취약점은 CVE 번호 [CVE-2024-35176](https://www.cve.org/CVERecord?id=CVE-2024-35176)으로 등록되었습니다. REXML gem 업그레이드를 강하게 추천합니다. ## 세부 내용 -대량의 `<`를 속성값으로 가지고 있는 XML을 파싱할 때, REXML gem은 처리에 시간이 걸립니다. +대량의 `<`를 속성값으로 가지고 있는 XML을 파싱할 때, REXML gem은 처리에 긴 시간이 걸립니다. REXML gem을 3.2.7이나 그 이상으로 업데이트하세요.
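Review bot: In PATCH 1/3, the front matter of the new file under `ko/news/_posts/` has `lang: en` and an empty `translator:`, and the body is still English; both are only corrected in 2/3. If the series is merged without squashing, that commit on its own leaves an English post tagged `lang: en` in the Korean tree. Suggest squashing 1/3 into 2/3 on merge so no commit in history carries the untranslated copy.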
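Review bot: In PATCH 3/3, second hunk (`@@ -8,11 +8,11 @@`), the revised details line ending in `처리에 긴 시간이 걸립니다` states unconditionally that parsing takes a long time, while the English source copied in 1/3 reads "REXML gem may take long time". Suggest keeping the hedge, for example `처리에 긴 시간이 걸릴 수 있습니다`, so the Korean advisory does not state the impact more strongly than the original. The same sentence in 2/3 (`처리에 시간이 걸립니다`) had the same gap, so the review fix applied here addressed "long" but not "may".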