cp {en,ko}/news/_posts/2025-09-18-dos-rexml-cve-2025-58767.md

riseshia · riseshia · commit 35f33f9b04db · 2025-09-17T07:43:11.000+01:00
diff --git a/ko/news/_posts/2025-09-18-dos-rexml-cve-2025-58767.md b/ko/news/_posts/2025-09-18-dos-rexml-cve-2025-58767.md
@@ -0,0 +1,28 @@
+---
+layout: news_post
+title: "CVE-2025-58767: DoS vulnerability in REXML"
+author: "naitoh"
+translator:
+date: 2025-09-18 03:00:00 +0000
+tags: security
+lang: en
+---
+
+There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier [CVE-2025-58767](https://www.cve.org/CVERecord?id=CVE-2025-58767). We strongly recommend upgrading the REXML gem.
+
+## Details
+
+Parsing invalid XML containing multiple XML declarations may cause increased execution time and memory usage.
+Please update REXML gem to version 3.4.2 or later.
+
+## Affected versions
+
+* REXML gem from 3.3.3 to 3.4.1
+
+## Credits
+
+Thanks to [Sofi Aberegg](https://github.com/sofiaaberegg) for discovering this issue.
+
+## History
+
+* Originally published at 2025-09-18 03:00:00 (UTC)
