From 2dcdee747be5ae68fe1d33d3efff0cc0ac8f0e33 Mon Sep 17 00:00:00 2001 From: Shia Date: Thu, 1 Aug 2024 19:55:47 +0900 Subject: [PATCH 1/3] cp from origin posts --- .../2024-08-01-dos-rexml-cve-2024-41123.md | 29 +++++++++++++++++++ .../2024-08-01-dos-rexml-cve-2024-41946.md | 29 +++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md create mode 100644 ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md diff --git a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md new file mode 100644 index 0000000000..d4d5e49bd9 --- /dev/null +++ b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md @@ -0,0 +1,29 @@ +--- +layout: news_post +title: "CVE-2024-41123: DoS vulnerabilities in REXML" +author: "kou" +translator: +date: 2024-08-01 03:00:00 +0000 +tags: security +lang: en +--- + +There are some DoS vulnerabilities in REXML gem. These vulnerabilities have been assigned the CVE identifier [CVE-2024-41123](https://www.cve.org/CVERecord?id=CVE-2024-41123). We strongly recommend upgrading the REXML gem. + +## Details + +When parsing an XML document that has many specific characters such as whitespace character, `>]` and `]>`, REXML gem may take long time. + +Please update REXML gem to version 3.3.3 or later. + +## Affected versions + +* REXML gem 3.3.2 or prior + +## Credits + +Thanks to [mprogrammer](https://hackerone.com/mprogrammer) and [scyoon](https://hackerone.com/scyoon) for discovering these issues. + +## History + +* Originally published at 2024-08-01 03:00:00 (UTC) diff --git a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md new file mode 100644 index 0000000000..34cad88476 --- /dev/null +++ b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md 
@@ -0,0 +1,29 @@ +--- +layout: news_post +title: "CVE-2024-41946: DoS vulnerability in REXML" +author: "kou" +translator: +date: 2024-08-01 03:00:00 +0000 +tags: security +lang: en +--- + +There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier [CVE-2024-41946](https://www.cve.org/CVERecord?id=CVE-2024-41946). We strongly recommend upgrading the REXML gem. + +## Details + +When parsing an XML that has many entity expansions with SAX2 or pull parser API, REXML gem may take long time. + +Please update REXML gem to version 3.3.3 or later. + +## Affected versions + +* REXML gem 3.3.2 or prior + +## Credits + +Thanks to [NAITOH Jun](https://github.com/naitoh) for discovering and fixing this issue. + +## History + +* Originally published at 2024-08-01 03:00:00 (UTC) From 5bbc3e399835d86a3d5de4f5ce9c6e2d498b090f Mon Sep 17 00:00:00 2001 From: Shia Date: Thu, 1 Aug 2024 20:11:01 +0900 Subject: [PATCH 2/3] Tranlates 2024-08-01 dos rexml (ko) --- .../2024-08-01-dos-rexml-cve-2024-41123.md | 26 +++++++++---------- .../2024-08-01-dos-rexml-cve-2024-41946.md | 26 +++++++++---------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md index d4d5e49bd9..dd5693bd09 100644 --- a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md +++ b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md 
@@ -1,29 +1,29 @@ --- layout: news_post -title: "CVE-2024-41123: DoS vulnerabilities in REXML" +title: "CVE-2024-41123: REXML의 DoS 취약점" author: "kou" -translator: +translator: "shia" date: 2024-08-01 03:00:00 +0000 tags: security -lang: en +lang: ko --- -There are some DoS vulnerabilities in REXML gem. These vulnerabilities have been assigned the CVE identifier [CVE-2024-41123](https://www.cve.org/CVERecord?id=CVE-2024-41123). We strongly recommend upgrading the REXML gem. +REXML gem에서 DoS 취약점이 발견되었습니다. 이 취약점은 CVE 번호 [CVE-2024-41123](https://www.cve.org/CVERecord?id=CVE-2024-41123)로 등록되었습니다. REXML gem 업그레이드를 강하게 추천합니다. -## Details +## 세부 내용 -When parsing an XML document that has many specific characters such as whitespace character, `>]` and `]>`, REXML gem may take long time. +공백 문자, `>]`, `]>`와 같은 특정 문자가 많이 포함된 XML 문서를 파싱할 때, REXML gem은 처리에 긴 시간이 걸립니다. -Please update REXML gem to version 3.3.3 or later. +REXML gem을 3.3.3이나 그 이상으로 업데이트하세요. -## Affected versions +## 해당 버전 -* REXML gem 3.3.2 or prior +* REXML gem 3.3.2와 그 이하 -## Credits +## 도움을 준 사람 -Thanks to [mprogrammer](https://hackerone.com/mprogrammer) and [scyoon](https://hackerone.com/scyoon) for discovering these issues. +이 문제를 발견해 준 [mprogrammer](https://hackerone.com/mprogrammer)와 [scyoon](https://hackerone.com/scyoon)에게 감사를 표합니다. -## History +## 수정 이력 -* Originally published at 2024-08-01 03:00:00 (UTC) +* 2024-08-01 03:00:00 (UTC) 최초 공개 diff --git a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md index 34cad88476..6811487b9e 100644 --- a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md +++ b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md 
@@ -1,29 +1,29 @@ --- layout: news_post -title: "CVE-2024-41946: DoS vulnerability in REXML" +title: "CVE-2024-41946: REXML의 DoS 취약점" author: "kou" -translator: +translator: "shia" date: 2024-08-01 03:00:00 +0000 tags: security -lang: en +lang: ko --- -There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier [CVE-2024-41946](https://www.cve.org/CVERecord?id=CVE-2024-41946). We strongly recommend upgrading the REXML gem. +REXML gem에서 DoS 취약점이 발견되었습니다. 이 취약점은 CVE 번호 [CVE-2024-41946](https://www.cve.org/CVERecord?id=CVE-2024-41946)로 등록되었습니다. REXML gem 업그레이드를 강하게 추천합니다. -## Details +## 세부 내용 -When parsing an XML that has many entity expansions with SAX2 or pull parser API, REXML gem may take long time. +SAX2나 pull parser API로 많은 엔티티 확장을 포함하는 XML을 파싱할 때, REXML gem은 처리에 긴 시간이 걸립니다. -Please update REXML gem to version 3.3.3 or later. +REXML gem을 3.3.3이나 그 이상으로 업데이트하세요. -## Affected versions +## 해당 버전 -* REXML gem 3.3.2 or prior +* REXML gem 3.3.2와 그 이하 -## Credits +## 도움을 준 사람 -Thanks to [NAITOH Jun](https://github.com/naitoh) for discovering and fixing this issue. +이 문제를 발견해 준 [NAITOH Jun](https://github.com/naitoh)에게 감사를 표합니다. -## History +## 수정 이력 -* Originally published at 2024-08-01 03:00:00 (UTC) +* 2024-08-01 03:00:00 (UTC) 최초 공개 From e3be39e0857613b2fb8dccbc0420ecb6abcb80b2 Mon Sep 17 00:00:00 2001 From: Shia Date: Fri, 2 Aug 2024 15:02:47 +0900 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: Chayoung You --- ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md | 2 +- ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md index dd5693bd09..d8efca8b1e 100644 --- a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md +++ b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md 
@@ -8,7 +8,7 @@ tags: security lang: ko --- -REXML gem에서 DoS 취약점이 발견되었습니다. 이 취약점은 CVE 번호 [CVE-2024-41123](https://www.cve.org/CVERecord?id=CVE-2024-41123)로 등록되었습니다. REXML gem 업그레이드를 강하게 추천합니다. +REXML gem에서 DoS 취약점이 몇 개 발견되었습니다. 이 취약점은 CVE 번호 [CVE-2024-41123](https://www.cve.org/CVERecord?id=CVE-2024-41123)으로 등록되었습니다. REXML gem 업그레이드를 강하게 추천합니다. ## 세부 내용 diff --git a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md index 6811487b9e..0ab27c73d9 100644 --- a/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md +++ b/ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md @@ -8,11 +8,11 @@ tags: security lang: ko --- -REXML gem에서 DoS 취약점이 발견되었습니다. 이 취약점은 CVE 번호 [CVE-2024-41946](https://www.cve.org/CVERecord?id=CVE-2024-41946)로 등록되었습니다. REXML gem 업그레이드를 강하게 추천합니다. +REXML gem에서 DoS 취약점이 발견되었습니다. 이 취약점은 CVE 번호 [CVE-2024-41946](https://www.cve.org/CVERecord?id=CVE-2024-41946)으로 등록되었습니다. REXML gem 업그레이드를 강하게 추천합니다. ## 세부 내용 -SAX2나 pull parser API로 많은 엔티티 확장을 포함하는 XML을 파싱할 때, REXML gem은 처리에 긴 시간이 걸립니다. +SAX2나 풀(pull) 파서 API로 많은 엔티티 확장을 포함하는 XML을 파싱할 때, REXML gem은 처리에 긴 시간이 걸립니다. REXML gem을 3.3.3이나 그 이상으로 업데이트하세요.
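Review bot: The 세부 내용 sentence in PATCH 2/3, `ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41123.md`, ends with `처리에 긴 시간이 걸립니다`, which states the slowdown as certain, while the English line it replaces reads "REXML gem may take long time". Suggest `처리에 긴 시간이 걸릴 수 있습니다` so the Korean advisory keeps the original's hedging. The same ending appears in the CVE-2024-41946 post, and PATCH 3/3 rewrites that sentence (`풀(pull) 파서 API`) without changing it.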
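Review bot: The 도움을 준 사람 line in PATCH 2/3, `ko/news/_posts/2024-08-01-dos-rexml-cve-2024-41946.md`, drops part of the credit. The English line thanks NAITOH Jun "for discovering and fixing this issue", but the translation `이 문제를 발견해 준 [NAITOH Jun](https://github.com/naitoh)에게 감사를 표합니다` only covers the discovery. Suggest `이 문제를 발견하고 수정해 준 ...` so the fix is credited as in the original. PATCH 3/3 leaves this line as is.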
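Review bot: In the first hunk of PATCH 3/3 (`2024-08-01-dos-rexml-cve-2024-41123.md`), the opening sentence now says `DoS 취약점이 몇 개 발견되었습니다`, but the next sentence on the same line still begins with the singular `이 취약점은`, where the English original has "These vulnerabilities have been assigned the CVE identifier". Suggest `이 취약점들은` so the two sentences agree and the reader understands that one CVE identifier covers several issues.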