From 05b9cece24e4b073c337214500167c9fe3814737 Mon Sep 17 00:00:00 2001
From: Watson <watson1978@gmail.com>
Date: Tue, 16 Jul 2024 11:11:21 +0900
Subject: [PATCH] Add CVE-2024-39908 : DoS in REXML

---
 .../2024-07-16-dos-rexml-cve-2024-39908.md    | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 en/news/_posts/2024-07-16-dos-rexml-cve-2024-39908.md

diff --git a/en/news/_posts/2024-07-16-dos-rexml-cve-2024-39908.md b/en/news/_posts/2024-07-16-dos-rexml-cve-2024-39908.md
new file mode 100644
index 0000000000..1da55ba595
--- /dev/null
+++ b/en/news/_posts/2024-07-16-dos-rexml-cve-2024-39908.md
@@ -0,0 +1,29 @@
+---
+layout: news_post
+title: "CVE-2024-39908 : DoS in REXML"
+author: "watson1978"
+translator:
+date: 2024-07-16 03:00:00 +0000
+tags: security
+lang: en
+---
+
+There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier [CVE-2024-39908](https://www.cve.org/CVERecord?id=CVE-2024-399086). We strongly recommend upgrading the REXML gem.
+
+## Details
+
+When it parses an XML that has many specific characters such as `<`, `0` and `%>`. REXML gem may take long time.
+
+Please update REXML gem to version 3.3.2 or later.
+
+## Affected versions
+
+* REXML gem 3.3.2 or prior
+
+## Credits
+
+Thanks to [mprogrammer](https://hackerone.com/mprogrammer) for discovering this issue.
+
+## History
+
+* Originally published at 2024-07-16 03:00:00 (UTC)